Search Results

Search found 4884 results on 196 pages for 'ad hoc distribution'.

Page 11/196 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • LdapErr: DSID-0C0903AA, data 52e: authenticating against AD '08 with pam_ldap

    - by Stefan M
    I have full admin access to the AD '08 server I'm trying to authenticate towards. The error code means invalid credentials, but I wish this was as simple as me typing in the wrong password. First of all, I have a working Apache mod_ldap configuration against the same domain. AuthType basic AuthName "MYDOMAIN" AuthBasicProvider ldap AuthLDAPUrl "ldap://10.220.100.10/OU=Companies,MYCOMPANY,DC=southit,DC=inet?sAMAccountName?sub?(objectClass=user)" AuthLDAPBindDN svc_webaccess_auth AuthLDAPBindPassword mySvcWebAccessPassword Require ldap-group CN=Service_WebAccess,OU=Groups,OU=MYCOMPANY,DC=southit,DC=inet I'm showing this because it works without the use of any Kerberos, as so many other guides out there recommend for system authentication to AD. Now I want to translate this into pam_ldap.conf for use with OpenSSH. The /etc/pam.d/common-auth part is simple. auth sufficient pam_ldap.so debug This line is processed before any other. I believe the real issue is configuring pam_ldap.conf. host 10.220.100.10 base OU=Companies,MYCOMPANY,DC=southit,DC=inet ldap_version 3 binddn svc_webaccess_auth bindpw mySvcWebAccessPassword scope sub timelimit 30 pam_filter objectclass=User nss_map_attribute uid sAMAccountName pam_login_attribute sAMAccountName pam_password ad Now I've been monitoring ldap traffic on the AD host using wireshark. I've captured a successful session from Apache's mod_ldap and compared it to a failed session from pam_ldap. The first bindrequest is a success using the svc_webaccess_auth account, the searchrequest is a success and returns a result of 1. The last bindrequest using my user is a failure and returns the above error code. Everything looks identical except for this one line in the filter for the searchrequest, here showing mod_ldap. Filter: (&(objectClass=user)(sAMAccountName=ivasta)) The second one is pam_ldap. Filter: (&(&(objectclass=User)(objectclass=User))(sAMAccountName=ivasta)) My user is named ivasta. However, the searchrequest does not return failure, it does return 1 result. I've also tried this with ldapsearch on the cli. It's the bindrequest that follows the searchrequest that fails with the above error code 52e. Here is the failure message of the final bindrequest. resultcode: invalidcredentials (49) 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772 This should mean invalid password but I've tried with other users and with very simple passwords. Does anyone recognize this from their own struggles with pam_ldap and AD? Edit: Worth noting is that I've also tried pam_password crypt, and pam_filter sAMAccountName=User because this worked when using ldapsearch. ldapsearch -LLL -h 10.220.100.10 -x -b "ou=Users,ou=mycompany,dc=southit,dc=inet" -v -s sub -D svc_webaccess_auth -W '(sAMAccountName=ivasta)' This works using the svc_webaccess_auth account password. This account has scan access to that OU for use with apache's mod_ldap.

    Read the article

  • A quick tip for those working with the Windows Phone 7 AD SDK.

    - by mbcrump
    One thing that I’ve noticed in several apps in the Windows Phone 7 marketplace is the ad chopping off on the right hand side. I decided that my next Windows Phone 7 app will be ad supported so why not sign up for the Advertising SDK and investigate this issue. *Note: If you want to see this in an actual app then download the free app called “Road Rage”. So here is an example of what I am talking about: You will notice that the right hand side of the AD is chopped off using the default ad banner. You can see the border on the left hand side clearly. So, what exactly is going on? Let’s take a look at this in the designer. From this image we can see it clearer, the margin of the grid that the ad is contained in needs to be removed. By default, the ContentPanel in a Windows Phone Page has a margin already set on it. See below for an example of this: <!--ContentPanel - place additional content here--> <Grid x:Name="ContentPanel" Grid.Row="1" Margin="12,0,12,0"> </Grid> If you simply remove that margin then your ad will display properly as shown below. It’s strange that I’ve seen this in multiple WP7 applications in the marketplace. If you are trying to make money off Ads, you would probably want to make sure the full ad is displayed. I am hoping this short post helped someone.   Subscribe to my feed

    Read the article

  • Ubuntu 12.04 // Likewise Open // Unable to ever authenticate AD users

    - by Rob
    So Ubuntu 12.04, Likewise latest from the beyondtrust website. Joins domain fine. Gets proper information from lw-get-status. Can use lw-find-user-by-name to retrieve/locate users. Can use lw-enum-users to get all users. Attempting to login with an AD user via SSH generates the following errors in the auth.log file: Nov 28 19:15:45 hostname sshd[2745]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Nov 28 19:15:45 hostname sshd[2745]: PAM adding faulty module: pam_winbind.so Nov 28 19:15:51 hostname sshd[2745]: error: PAM: Authentication service cannot retrieve authentication info for DOMAIN\\user.name from remote.hostname Nov 28 19:16:06 hostname sshd[2745]: Connection closed by 10.1.1.84 [preauth] Attempting to login via the LightDM itself generates similar errors in the auth.log file. Nov 28 19:19:29 hostname lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Nov 28 19:19:29 hostname lightdm: PAM adding faulty module: pam_winbind.so Nov 28 19:19:47 hostname lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "DOMAIN\user.name" Nov 28 19:19:52 hostname lightdm: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:DOMAIN\user.name][error code:40022] Nov 28 19:19:54 hostname lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Nov 28 19:19:54 hostname lightdm: PAM adding faulty module: pam_winbind.so Attempting to login via a console on the system itself generates slightly different errors: Nov 28 19:31:09 hostname login[997]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Nov 28 19:31:09 hostname login[997]: PAM adding faulty module: pam_winbind.so Nov 28 19:31:11 hostname login[997]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:DOMAIN\user.name][error code:40022] Nov 28 19:31:14 hostname login[997]: FAILED LOGIN (1) on '/dev/tty2' FOR 'DOMAIN\user.name', Authentication service cannot retrieve authentication info Nov 28 19:31:31 hostname login[997]: FAILED LOGIN (2) on '/dev/tty2' FOR 'DOMAIN\user.name', Authentication service cannot retrieve authentication info I am baffled. The errors obviously are correct, the file /lib/security/pam_winbind.so does not exist. If its a dependancy/required, surely it should be part of the package? I've installed/reinstalled, I've used the downloaded package from the beyondtrust website, i've used the repository, nothing seems to work, every method of installing this application generates the same errors for me. UPDATE : Hrmm, I thought likewise didn't use native winbind but its own modules. Installing winbind from apt-get uninstalls pbis-open (likewise) and generates failures when installing if pbis-open is installed first. Uninstalled winbind, reinstalled pbis-open, same issue as above. The file pam_winbind.so does not exist in that location. Setting up pbis-open-legacy (7.0.1.918) ... Installing Packages was successful This computer is joined to DOMAIN.LOCAL New libraries and configurations have been installed for PAM and NSS. Clearly it thinks it has installed it, but it hasn't. It may be a legacy issue with the previous attempt to configure domain integration manually with winbind. Does anyone have a working likewise-open installation and does the /etc/nsswitch.conf include references to winbind? Or do the /etc/pam.d/common-account or /etc/pam.d/common-password reference pam_winbind.so? I'm unsure if those entries are just legacy or setup by likewise. UPDATE 2 : Complete reinstall of OS fixed it and it worked seamlessly, like it was meant to and those 2 PAM files did NOT include entries for pam_winbind.so, so that was the underlying problem. Thanks for the assist.

    Read the article

  • Signature invalid only for ad hoc

    - by brettr
    I'm not sure what changed on my ad hocs but I get this error when trying to install: Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate. (-19011) Device debug builds fine. The cert that is associated with my ad hoc provisioning profile doesn't expire until 2011. I've searched Google but haven't found any applicable solution, except some mention about deleting and recreating the certs. Before I go down that rode, has any one experienced and resolved this issue? I'm using Xcode 3.2.3 and building against sdk 3.0.

    Read the article

  • What is the easiest way to get the primary groupName from AD in C#?

    - by madhatter84gn
    I am currently using PrincipalContext and UserPrincipal to return the users primary groupid. How can I take this id and find the actual group name? Also I have code that works correctly to assign the user's primary group, but once I assign them to the group I can not delete them from Domain Users which is the default primary group prior to my change. I have called Save() before trying to remove the domain users group. My requirements state I must add the user to AD then assign their primary group and then remove them as a member of Domain Users.

    Read the article

  • UDP sockets in ad hoc network (Ubuntu 9.10)

    - by Ekhiotz
    Hi! I am using BSD sockets in Ubuntu 9.10 to send UDP packets in broadcast with the following code: sock_fd = socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP); //sock_fd=socket(AF_INET,SOCK_DGRAM,0); receiver_addr.sin_family = PF_INET; //does not send with broadcast in ad hoc receiver_addr.sin_addr.s_addr = htonl(INADDR_BROADCAST); inet_aton("169.254.255.255",&receiver_addr.sin_addr); receiver_addr.sin_port = htons(port); int broadcast = 1; // this call is what allows broadcast packets to be sent: if (setsockopt(sock_fd, SOL_SOCKET, SO_BROADCAST, &broadcast, sizeof broadcast) == -1) { perror("setsockopt (SO_BROADCAST)"); exit(1); } ret=sendto(sock_fd, packet, size, 0,(struct sockaddr*)&receiver_addr,sizeof(receiver_addr)); Note that is not all the code, it is only to have an idea. The program sends all the data with INADDR_BROADCAST if I am connected to an infrastructure wireless network. However, if my laptop is connected to an ad-hoc network, it is able to receive all the data, but not to send it. I have solved the problem using the 169.254.255.255 broadcast address, but I would like to know what is going on. Thank you in advance!

    Read the article

  • Ubuntu 10.10 Ad-Hoc Setup (from Wireless Router, to Ubuntu Server/Desktop to Wireless Router)

    - by user60375
    Okay, so I know there are different approaches for this, but I will explain my story briefly before getting to the technical stuff. My fiancée and I are going through some financial issues (as I assume a lot of us are). We ended up having to move from our house and stay with some friends/family for 6 months, just to get ourselves caught up. (Medical bills, among other issues,etc). So this is where it gets fun. At our friends house, we are staying in the loft setup which is not near the cable modem and wireless router. I have a "hand-crafted" media center running XBMC, an Ubuntu 10.10 Server/Desktop (multi-purpose, very powerful and tons drive space), two working laptops, a between the two of us we have multiple wireless devices/phones. Now our friends Wireless router doesn't have any options for assigning IP addresses, but my router does. My current setup is: Friends Cable Modem -- Friend's Wireless Router -- Ubuntu 10.10 Server -- My Wireless Router (local-link from Friend's wireless (incoming) to sharing connection on ETH0 (outgoing)) -- to all devices. (Wireless Modem, Ubuntu Server that share's it's wireless incoming connection to the ethernet port my Wireless router share's with the rest of the devices). I setup my router to use default settings from my friend's router, using Google's DNS on my router (disabled DNS setup on Ubuntu Server), everything is assigned nicely and runs smooth. My Ubuntu server was given the address 10.42.43.1 (assuming standard from Network-Manager). (On the Ubuntu machine that shares to my wireless router; I have some server apps installed, but mainly just use Samba/NFS/Tangerine action. My problem/goal is that every device has no problem of accessing the internet from my router, the media-center has an assigned ip address, all services from all devices (ZeroConf, Avanhi, Bonjour, GIT, SSH, FTP, Apache2, etc) all work correctly except from my Ubuntu Server (which serves the wireless connection to ETH0 to another Wireless Router). The Ubuntu 10.10 Server/Desktop is not broadcasting anything (the Zeroconf Service Discovery 0.4 Gnome Applet shows the services from the Ubuntu server but no other computers can see them). I can access it from my Media-Center (Running Xbuntu 10.04) if I direct it to 10.42.43.1, no problem. But I cannot access Tangerine (Daapd) and the Samba shares do not show up on any computers for 10.42.43.1 (not in the WORKGROUP which Samba is setup simple and default but I can direct computers to that address and the shares will add except on a damn Windows 7 parition). Is this an issue with how I have my router setup and possible the gateway? An issue with Network-Manager? And issue with my Ubuntu Server/Desktop? I know there is a lot to that, but it's simpler than I probably have explained? Any help would be appreciated. If you need more details, I can provide them. If there is a better way of my attempting this home-network, please let me know. Thanks in advance for the help.

    Read the article

  • Active Directory - Lightweight Directory Services and Domain Password Policy

    - by Craig Beuker
    Greetings all, We have an active directory domain which enforces a strict password policy. Hooray! Now, for the project we are working on, we are going to be storing users of our website Microsoft's AD-LDS service as well as using that for authentication of our web users. By default, it is my understanding that AD-LDS inherits its password policy from the domain of the machine it's installed on. Is there any way to break that link such that we can define a lighter password policy (or none if we so choose) for users in AD-LDS without affecting our domain? Note: AD-LDS is going to be hosted on a machine which is part of the domain. Thanks in advance.

    Read the article

  • Reboot loop after sysprep of AD machine

    - by rboarman
    Major screw-up here and I need to find out how much trouble I am in. I have an AD machine that is running Server 2008 R2, hyperv, DHCP and DNS. On the hyperv machine, I have a backup AD instance running along with a handfull of other server 2008 instances. Sysprep was run on the hyperv machine instead of one of the instances. I am attempting to bring the machine back up so I can try a system restore. When I boot the hyperv machine, I get an error that says “Windows could not complete the installation. To install windows on this computer , restart the installation” This message occurs in safe mode, AD restore mode and in last known configuration mode. How can I get my OS to boot at this point? Do I need to reinstall 2008 R2 from scratch?

    Read the article

  • Dynamic group membership to work around no nested security group support for Active Directory

    - by Bernie White
    My problem is that I have a number of network administration applications like SAN switches that do not support nested groups from Active Directory Domain Services (AD DS). These legacy administration applications use either LDAP or LDAPS. I am fairly sure I can use Active Directory Lightweight Directory Services (AD LDS) and possibly Windows Authorization Manager to work around this issue; however I am not really sure where to start. I want to end up with: A single group that can be queried over LDAP/LDAPS for all it’s direct members LDAP proxy for user name and password credentials to AD DS Easy way to admin the group, ideally the group would aggregate the nested membership in AD DS. a native solution using freely available components from the Windows stack. If you have any suggestions or solutions that you have previously used to solve this issue please let me know.

    Read the article

  • Easy Linux distribution with newer packages than Ubuntu?

    - by sweetiecakes
    I'm a programmer and sysadmin, and I'm looking for a better Linux distro to use than Ubuntu. It certainly is a well-polished, nice distribution to use, but a lot of the programs available in the Ubuntu repositories are very old versions. Installing PPA's or compiling from source just isn't very nice. I'd love to use something like Arch Linux that uses a rolling release cycle, but I really don't want to configure my system from scratch, and support for ATI Catalyst drivers is necessary. I just want to pop the CD in, install and start using my computer - just like with Ubuntu. Additionally, if you know of a package like ubuntu-restricted-extras for the distribution, that'd be nice! What do you suggest?

    Read the article

  • Group policy applied to AD OU attributes

    - by Eric Smith
    I'm not well-versed in AD, so would like to resolve a question I have with regards to AD information. I understand that it is possible to apply group policy to OU's, thereby restricting access. What I'd like to know is, is it possible to do the same with OU attributes. Some context would help. There's a requirement to store address information in AD (IMO, a natural fit), but for various reasons, although obviously things like name should be globally accessible, access restrictions are desired on the address. In this case, is it possible to apply security to the address portion of the OU attributes, or does each address have to be broken into a separate OU (a solution that feels smelly given that address doesn't have identity)?

    Read the article

  • iphone application ad-hoc installation on windows gives invalid certificate error

    - by Lorenzo Boccaccia
    I've an application that need to be deployed to some testers. those with windows machine are reporting that the certificate used for signing the application couldn't be installed because of an unknown critical extension (1.2.840.113635.100.6.1.4) is there a way to make that critical extension known to windows (vista 64bit specifically)? I'm guessing that all this system of extension give user the ability to register callbacks to interpret the various added extensions (it would be totally useless otherwise)

    Read the article

  • AD account locks out when using Outlook 2007?

    - by Down Town
    Hi, I/we have a problem with our Windows Server 2008 forest and Exchange. We are buying Exchange hosting from another firm and Exchange Server is in their Windows Server 2008 forest. So, we have two forests and there isn't any trusts between these two forests. Our own forest logon name is [email protected] and we also use the same email address to logon to the Exchange mailbox. Everything works fine if both our AD account and Exchange mailbox account have the same password, but if the passwords don't match, our AD account gets locked out. I have tried to figure out why Outlook sends false logon attemps to our AD. If someone can help, please do.

    Read the article

  • Best Timing for Windows AD Domain Name Change

    - by Cliff Racer
    A while back when I first started with my company, the domain had already been set up using a "xxx.net" DNS name for the internal AD namespace. The shortname is just fine and I feel no need to change it but I have always hated how we used an internet DNS name for our internal AD. We are planning an AD upgrade from 2003 to 2008R2 and I would like to work this DNS name change if possible. I know there are procedures for doing a full domain name change but my question is: Is a FULL domain name change neccessary if all I want to change is the internal DNS name of the domain? Would it be better to do this change after the 2008R2 domain upgrade?

    Read the article

  • Migrating LDAP user and password to SAMBA4 AD

    - by Rudy Dajoh
    As title suggests. We are migrating from OpenLDAP as user authentication to Samba 4 AD Domain. But I can't find any information on how to transfer passwords and users to Samba 4 AD. How to migrate all LDAP user base at ou=People,dc=company,dc=com to samba 4 AD domain? I don't need to assistance transferring everything, I only need to transfer user accounts. I've finished migrating them all but user/passwords. Can it be done? If so, how?

    Read the article

  • Changing LDAP schema casts Confluence AD integration unoperable

    - by Maxim V. Pavlov
    I have had our instance of Atlassian Confluence configured to be integrated with our Active Directory. In AD, all the users were being created under default Users folder in Active Directory Users and Computers. We have decided to introduce cleaner separation and have created an Organizational Units structure in AD. Under root we have created Managed OU, and under it - Users OU and all user accounts were moved under Users OU. Now I though that to let the Confluence AD integration engine "know" where to look for user accounts now, I only need to adjust the BaseDN and prepand it with ou=Managed so it is aware that it is looking for cn=Users but under ou=Managed. That didn't work. How should I adjust LDAP schema root in a client application for it to be able to look for users in OU that then in a default folder.

    Read the article

  • XP/Intel wirelss only showing 'hpsetup' ad-hoc network that isn't there

    - by ewall
    Trying to help my friend with her work XP laptop, which recently stopped seeing any wireless SSIDs except the SSID 'hpsetup' (presumably from a wireless-enabled HP printer). Relevant information: The laptop is a Lenovo T500 (Centrino 2 chipset) with XP SP3. The network adapter is Intel WiFi Link 5300 AGN (built-in). The latest version (13.5) of the Intel drivers only are installed, not the Intel config software, so XP is using the Wireless Zero-Config manager. The wireless router is a NetGear WGR614 v7 with 802.11b/g. The SSID is broadcasting, and all the other laptops in the house can see and connect to it. On the laptop, I have tried repairing the network connection, disabling power management, turning off 802.11a & n radio, and more... but it didn't help. Some of the wireless settings are managed by Group Policy from her office (I get the "At least one of your changes was not applied successfully to your wireless configuration" message). It is enforced to connect to "Access point (infrastructure) networks only". The real kicker is that my laptop does not an SSID named 'hpsetup' here, but it can see several broadcasted SSIDs including the one we want, while my friend's laptop doesn't see any SSID except 'hpsetup'. Any suggestions?

    Read the article

  • Setting up and moving a distribution group to a public folder in Exchange 2003

    - by Sevdarkseed
    I'm looking for some advice with something that seems simple but I haven't done before. Currently we use a distribution group called Orders that has an email address that is that forwarded to four people in the company, the same goes for another one, Quotes. The problem is, of course, no one knows what was answered, and all the email gets worked in to the individual user's emails, so I'm thinking that a public folder, only accessible by one department would be the answer. I'm not sure what the best way to set this up would be or how to move/convert the current distribution list over to a public folder. This is a very critical email address in the company, so I'm trying to be sure that there is zero down time at all for it. What would be the best way to go about creating a public folder and converting/forwarding/moving/(whatever) over the current email address to that folder?

    Read the article

  • AD-hoc Windows Server 2008

    - by Filipe Costa
    Hello. I've installed Windows Server 2008 and i need to share the wireless network. In the old OS, the XP, i have the option to share the internet, but here in Windows Server 2008 i can find that option. How can i solve this? Thank you.

    Read the article

  • How to prevent slow printer performance when AD is not available

    - by AKoran
    When I take a domain based computer (Windows XP) and plug it into a network that doesn't have access to the AD, the first time I select a local printer (printing directly to printer) on the current network it takes a good 20-30 seconds before I can select the printer. Doing a little investigating using wireshark I can see the computer is trying to hit AD for some reason and it just keeps timing out. I also tried the same experiment with just a plain workgroup computer and it was able to bring the printer up immediately. Does anyone know how to prevent the machine from trying to contact AD?

    Read the article

  • Choosing a Linux distribution

    - by Luke Puplett
    Dangerous territory with this question so please try to be impartial and instead focus on what to look for when choosing a Linux distribution. I'm completely new to Linux. I thought it'd never happen but I need to have a Linux box to play with and I have a spare fanless Atom PC (32-bit only). I'll be using the machine as a non-commercial hobby server, the trouble is, I don't even know how to compare Linux distributions and why people pick one over another. If anything, I want to have an easy install from USB stick. My question is: what do you look for when choosing a (free?) Linux distribution for a server? If you can, please explain what sorts of things actually differ between one and another without saying which you think is better, just the facts. The way I see it, Linux as a server is just an SSH console and I find it hard to imagine what could be different between one and another.

    Read the article

  • After binding Mac to AD, first login successfully creates mobile account and logs in, after that next login locks AD account

    - by user132844
    Mac os x 10.7 and 10.8 AD Server 2008 R2 Binding using AD Plugin or dsconfigad -add mydomain -username myuser -ou "OU=Computers,OU=Sites,OU=Mysite,DC=mycompany,DC=com" Works fine. First login happens fine. Creates mobile account, no issues noticed. After I logout, the next login attempt fails, and after only shaking one time, their AD account is locked out. opendirectory.log makes a vague mention of account being expired but honestly I don't see much in the logs that pops out as useful. Any help?

    Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >