Search Results

Search found 33 results on 2 pages for 'drstalker'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/2 | 1 2  | Next Page >

  • configure a Cisco ASA to use MS-CHAP v2 for RADIUS authentication

    - by DrStalker
    Cisco ASA5505 8.2(2) Windows 2003 AD server We want to configure our ASA (10.1.1.1) to authenticate remote VPN users through RADIUS on the Windows AD controller (10.1.1.200) We have the following entry on the ASA: aaa-server SYSCON-RADIUS protocol radius aaa-server SYSCON-RADIUS (inside) host 10.1.1.200 key ***** radius-common-pw ***** When I test a login using the account COMPANY\username I see the users credentials are correct in the security log, but I get the following in the windows system logs: User COMPANY\myusername was denied access. Fully-Qualified-User-Name = company.com/CorpUsers/AU/My Name NAS-IP-Address = 10.1.1.1 NAS-Identifier = <not present> Called-Station-Identifier = <not present> Calling-Station-Identifier = <not present> Client-Friendly-Name = ASA5510 Client-IP-Address = 10.1.1.1 NAS-Port-Type = Virtual NAS-Port = 7 Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = <undetermined> Policy-Name = VPN Authentication Authentication-Type = PAP EAP-Type = <undetermined> Reason-Code = 66 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy. My assumption is that the ASA is using PAP authentication, instead of MS-CHAP v2; the credentials are confirmed, the proper Remote Access Policy is being used, but this policy is set to only allow MS-CHAP2. What do we need to do on the ASA to make it us MS-CHAP v2? In the ADSM GUI The "Microsoft CHAP v2 compatible" tickbox is enabled, but I don't know what this corresponds to in the config.

    Read the article

  • Cisco ASA intermittently fails to see traffic

    - by DrStalker
    users | Mikrotik -- Internet | ASA | ServerA and ServerB I'm trying to troubleshoot a problem with a new Cisco ASA 5505. The network design is as above - the Microtik is the existing router, ServerA and ServerB used to plug directly into it. ServerA has IP 10.30.1.10, ServerB has IP 10.30.1.11 The ASA is configured with no NAT, a "allow anything" firewall, and uses the microtik as its default gateway. In effect, it is currently a simple IP router; the firewall and VPN stuff will all come later once the basics are working. Th problem is access to ServerA and ServerB is erratic - sometimes it will work, sometimes it will fail. It can fail for either one of the servers only, or both. When it is working: The Mikrotik logs show ping packets being sent out over the proper interface The ASA logs show the incoming connections. When it is failing: The Mikrotik logs show ping packets being sent out over the proper interface The ASA logs show nothing reaching the ASA. This can fail for one server only (e.g.: the Mikrotik is putting out packets to 10.30.1.10 and 10.30.1.11, but the ASA is only seeing packets arrive destined for 10.30.1.11) It can fail for one source only (e.g.: ClientA on the users network can ping 10.30.1.11, but clientB cannot) The problem can also be seen from the mikrotik router itself; sometimes it can ping ServerA and ServerB, sometimes it can only ping one of them What could be causing this? I can't think of any possible cause that is intermittent and could explain why the problem may occur for one destination server and not others. edit: Link to ASA config

    Read the article

  • Cisco ASA: Routing packets based on where the connections started from

    - by DrStalker
    We have a Cisco ASA 5505 (version 8.2(2)) with three interfaces: outside: IP address 11.11.11.11, this is the default route inside: IP address 10.1.1.1, this is the local subnet newlink: 22.22.22.22, this is a new internet connection. We need to move VPN users from the 11.11.11.11 address to the 22.22.22.22 address, and we're using SSH on the ASA as to test and sort out the routing. The problem we have is this: If we define a particular IP as being on a static route out the newlink interface then it can SSH to 22.22.22.22 fine. If we do not define a static route then the traffic hits the ASA, but the return traffic does not come back over newlink; presumably it gets sent over the outside interfcae as that is the default route. We can't define a static route for each remote endpoint because there are dialup VPN users, who obviously change IP a lot What we need to do is configure the ASA so if a connection comes in on the newlink interface then the outgoing packets for that go over the newlink interface, not the default route. With iptables this should be do-able by marking the connection and doing mark-routing, but what is the equivalent for a Cisco ASA?

    Read the article

  • Apache: Redirect entire virtual host to a URL

    - by DrStalker
    Centos 5.2, Apache 2.2.3 I want to configure Apache to redirect any URL under mail.mydomain.com to the single URL https://mail.google.com/a/mydomain.com How can I set this up with Apache? I have LoadModule rewrite_module modules/mod_rewrite.so but I'm not sure how to actually use this and I can't find a really simple example; I assume I set up a new virtual host with some form of rewrite directive, but how is this done?

    Read the article

  • MySQL: creating a user that can connect from multiple hosts

    - by DrStalker
    I'm using MySQL and I need to create an account that can connect from either the localhost of from another server, 10.1.1.1. So I am doing: CREATE USER 'bob'@'localhost' IDENTIFIED BY 'password123'; CREATE USER 'bob'@'10.1.1.1 IDENTIFIED BY 'password123'; GRANT SELECT, INSERT, UPDATE, DELETE on MyDatabse.* to 'bob'@'localhost', 'bob'@'10.1.1.1; This works fine, but is there any more elegant way to create a user account that is linked to multiple IPs or does it need to be done this way? My main worry is that in the future permissions will be updated form 'bob' account and not the other.

    Read the article

  • MySQL: stopping just one DB to allow it to be moved

    - by DrStalker
    I want to do some work on the files that make up a few MySQL DBs (moving the files to a different partition and symlinking the original location to this) and if possible I'd like to shutdown just the database being moved, rather than shutting MySQL down altogether. Is there anyway in MySQL to do this, or will I need to do a full MySQL shutdown to be able to move the files?

    Read the article

  • Display wireless channels currently in use

    - by DrStalker
    Is there any windows utility to display the wireless channels are currently in use by the available wireless networks? I'd like to be able to see what existing channels are using so I can try to minimize interference on a new access point without a lot of trial and error.

    Read the article

  • convert .p7b key to a .pfx

    - by DrStalker
    I have an SSL certificate in .p7b format that I need to convert to .pfx. If I try this through the windows certificate managment the option to expert as a .pfx is disabled. Trying with openssl I have found the following two commands to do the conversion: openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer but I'm not sure what key to use for teh esecond command, or what certificate CACert.cer refers to. How can I convert this key to .pfx format?

    Read the article

  • Using Google Analytics to track Usernames

    - by DrStalker
    We have a SharePoint Installation (MOSS, IIS 7.0, Windows Authentication, Windows 2008) and Google Analytics has been installed to track site usage. The site is an intranet site, and all users are authenticated before gaining access. Is there any way in Google Analytics to track user information so we can see details of the login names of who is accessing content?

    Read the article

  • IIS: redirect to a webpage if authentication fails

    - by DrStalker
    We have an IIS site (MOSS 2007) that uses Windows Authentication. When a user that has forgotten their password tries to login the servers keeps sending 401 requests. This means on IE the user gets three prompts before IE displays a blank page, on Firefox the user is prompted over and over until they give up. We would like to change the behavior so if a user fails to login three times in a row we send them a redirect to a different site, instead of another 401 Forms authentication is not an option; the site has to remain on windows authentication to allow for SSO capabilities and certain sharepoint functions. Is there any way to tweak the IIS behavior to do this?

    Read the article

  • Linux: shortname stuck as "localhost" even though full hostname is correct

    - by DrStalker
    I have a linux (CentOS 5.2) server with the name myserver.mycompnay.com, which is correctly returned when I run 'hostname'. When I run 'hostname -s' however it returns "localhost" which is causing some backup scripts to put stuff in a "localhost" directory instead of a "myserver" directory. All of our other CentOS boxes correctly return the first part of their hostname when 'hostname -s', where do I go on this server to make it behave the same? Other than having "HOSTNAME=myserver.mycompnay.com" in /etc/sysconfig/network what should I be looking at?

    Read the article

  • How do I connect to the serial console port os a Sunfire 280R?

    - by DrStalker
    We have a Sunfire 280R (old SPARC/Solaris server) that is refusing to come up after being relocated. We're trying to connect to the serial console port, but all we get is random gibberish on the screen. We've tried both connecting with a DB25DB9 adapter and using a DB-25-RJ45 adapter with a cisco RJ45-DB9 adapter to a windows laptop. We're configuring the laptop to 9600 baud, 8 bit, 1 stop bit, no parity. We've tried both no flow control and Xon/Xoff. We get the same results hooking up to the serial port on a working SPARC server, so it's probably something in our setup rather than a fault with the server. How do we get access to to serial console so we can work out what is stopping this box from getting to the network? Is there a special sun adapter we need to get/make to get the serial link working?

    Read the article

  • Linux: using find to locate files older than <date>

    - by DrStalker
    find has good support for finding files the more modified less than X days ago, but how can I use find to locate all files modified after a certain date? I can't find anything in the find man page to do this, only to compare against another files time or to check for differences between created time and now. Is making a file with the desired time and comparing against that the only way to do this?

    Read the article

  • IIS: redirect everything to another URL, except for one Directory

    - by DrStalker
    I have an IIS server (IIS 6, Win 2003) that hosts the site http://www.foo.com. I want any request to http://foo.com (no matter what path/filename is used) to redirect to http://www.bar.org/AwesomePage.html UNLESS the request is for http://www.foo.com/specialdir, in which case the HTML files in the local directory specialdir should be used. The problem I have is once the redirect is set it also affects /specialdir - even if I right click on that directory and select "content should come from ... local directory" that change does not take effect, and the directory still shows as redirecting to http://www.bar.org/AwesomePage.html. The same thing happens if I try to set individual files to load from the local system instead of redirecting - IIS gives no error, but the change does not take effect and the files still show as being redirected. How can I set specialdir to override the redirection to the new URL?

    Read the article

  • SSL certificate selection based on host-header: is it possible?

    - by DrStalker
    Is it possible for a web server to select an SSL certificate to use based on the host-header of the incoming connection, or is that information that is only available after the SSL connection is established? That is, can my webserver listed on port 443 and use the foo.com certificate if https://foo.com is requested, and the bar.com certificate if https://bar.com is requested or am I trying to do something impossible because the server has to establish an SSL connection before it knows what the client wants?

    Read the article

  • Copy a website and preserve the file & folder structure

    - by DrStalker
    I have an old web site running on an ancient version of Oracle Portal that we need to convert to a flat-html structure. Due to damage to the server we are not able to access the administrative interface, and even if we could there is no export functionality that can work with modern software versions. It would be enough to crawl the website and have all the pages & images saved to a folder, but the file structure needs to be preserved; that is, if a page is located at http://www.oldserver.com/foo/bar/baz/mypage.html then it needs to be saved to /foo/bar/baz/mypage.html so that the various Javascript bits will continue to function. None of the web crawlers I've found have been able to do this; they all want to rename the pages (page01.html, page02.html etc) and break the folder structure. Is there any crawler out there that will recreate the site structure as it appears to a user accessing the site? It doesn't need to redo any of teh content of the pages; once rehosted the pages will all have the same names they did originally so links will continue to work.

    Read the article

  • apache using mod_auth_kerb always asks for the password twice

    - by DrStalker
    (Debian Squeeze) I'm trying to set apache up to use Kerberos authentication to allow AD users to log in. It is working, but prompts the user twice for a username and password, with the first time being ignored (no matter what is put it in.) Only the second prompt includes the AuthName string from the config (i.e.: the first windows is a generic username/password one, the second includes the title "Kerberos Login") I'm not worried about integrated windows authentication working at this stage, I just want users to be able to login with their AD account so we don't need to set up a second repository of user accounts. How do I fix this to eliminate that first useless prompt? The directives in the apache2.conf file: <Directory /var/www/kerberos> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms ONEVUE.COM.AU.LOCAL Krb5KeyTab /etc/krb5.keytab KrbServiceName HTTP/[email protected] require valid-user </Directory> krb5.conf: [libdefaults] default_realm = ONEVUE.COM.AU.LOCAL [realms] ONEVUE.COM.AU.LOCAL = { kdc = SYD01PWDC01.ONEVUE.COM.AU.LOCAL master_kdc = SYD01PWDC01.ONEVUE.COM.AU.LOCAL admin_server = SYD01PWDC01.ONEVUE.COM.AU.LOCAL default_domain = ONEVUE.COM.AU.LOCAL } [login] krb4_convert = true krb4_get_tickets = false The access log when accessing the secured directory (note the two seperate 401's) 192.168.10.115 - - [24/Aug/2012:15:52:01 +1000] "GET /kerberos/ HTTP/1.1" 401 710 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" 192.168.10.115 - - [24/Aug/2012:15:52:06 +1000] "GET /kerberos/ HTTP/1.1" 401 680 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" 192.168.10.115 - [email protected] [24/Aug/2012:15:52:10 +1000] "GET /kerberos/ HTTP/1.1" 200 375 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" And one line in error.log [Fri Aug 24 15:52:06 2012] [error] [client 192.168.0.115] gss_accept_sec_context(2) failed: An unsupported mechanism was requested (, Unknown error)

    Read the article

  • MySQL: table is marked as crashed

    - by DrStalker
    After a disk full issue one of the MySQL DBs on the server is coming up with the following error when I try to back it up: [root@mybox ~]# mysqldump -p --result-file=/tmp/dbbackup.sql --database myDBname Enter password: mysqldump: Got error: 145: Table './myDBname/myTable1' is marked as crashed and should be repaired when using LOCK TABLES A bit of investigation shows two tables have this issue. What needs to be done to fix up the damaged tables?

    Read the article

  • MySQL: how to quote or escape field names?

    - by DrStalker
    Recently I was given a MySQL DB that included a field named time-taken, which caused errors when used in a select because of the minus sign. In this case I was able to rename the field, but for future reference how can field names be quoted or escaped in a MySQL query?

    Read the article

  • IT Inventory Tracking

    - by DrStalker
    What is a good tool to keep track of IT inventory? Systems that are installed and running, parts being ordered, that sort of thing. I'd love a central, web based system (preferably something we can customize) but my searching so far has resulted in a lot of dead open source projects that havn't been updated in a few years and poorly created commercial websites that don't do a very good job describing their product. The software doesn't have to be free or open source - a good commercial alternative is fine. It doesn't even need to be a web-based tool, that's just what I thought would be simplist to find and easiest to deploy. The number of assets that it will be tracking will be in the dozens, so it doesn't have to be a super high-end enterprise solution but it does need to do a better job than an excel sheet in a shared folder (which is our current "solution")

    Read the article

  • What permissions are needed to do an LDAP bind to an Active Directory Server

    - by DrStalker
    What permissions are needed to perform an LDAP bind to an active directory server? I have a central domain (call it MAIN) that has two-way trusts to domains in other forests (call then REMOTE and FARAWAY) Using MAIN\myaccount as the username and my password I can bind to REMOTE fine, but not to FARAWAY; I get an invalid credentials response 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 In all other ways the trusts seem to work fine. What permissions do I need to check to figure out why the bind is failing? My understanding is that anyone in AUTHENTICATED USERS should be able to bind to LDAP, but that only seems to hold true for some domaians and not others.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2  | Next Page >