Search Results

Search found 2905 results on 117 pages for 'ad hoc'.

Page 12/117 | < Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >

  • Setup NTPD in Ubuntu to sync Windows AD

    - by David
    I am setting up my Ubuntu 10.0.4 server to sync clock with a Windows 2008 AD. As none of the "remote" has a "*" in front (worst it had a blank space in front), does it mean no time sync source is selected? The offset just keep increasing. I tried ntpdate to the same server it worked OK. remote refid st t when poll reach delay offset jitter ============================================================================== 172.18.133.201 .LOCL. 1 u 38 64 377 0.827 277.677 58.375 Any help to fix this? Here is my ntp.conf (with all comments removed) driftfile /var/lib/ntp/ntp.drift statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery restrict 127.0.0.1 restrict ::1 server 172.18.133.201 iburst

    Read the article

  • Blocking password policy (expiry) for a particular OU in AD

    - by Kip
    Hey SF Folks, Situation is this: I need to have a particular container in my AD environment which blocks password expiry policy, but accepts all other policies. Is this something that would work by simply adding in a GPO at the sub-ou level (the ou in question is a child of ou's where GPO's including password stuff is set). These accounts (and this ou) already exist and will have the default domain policy as well as other policies applied and they should continue to receive policy settings as per those GPO's, with the exception of the Password Expiry. We have tried the password do not expire tickbox and that seems not to have worked. Thanks in advance. Kip

    Read the article

  • gpupdate failing when using Samba 4 AD DC

    - by darthfoolish
    I have a Samba 4 AD domain running with 2 DCs on Centos 6.5, with a named DNS backend. I have multiple Windows 7 machines joined to this domain, which is fine. However, I can't get GPOs to apply. When running gpupdate, I get the following output The processing of Group Policy failed. Windows attempted to read the file \\sysvol\\Policies{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini Obviously, you don't normally see what it's trying to connect to when it's successful, but I would have thought the first place shows up, I should be seeing So, what governs what data gets put in between those angle brackets? If it is just supposed to be the domain, then what else could be going wrong? Thanks in advance for any help.

    Read the article

  • Windows AD, bulk user creation, homedrv creation via commandline

    - by Neil
    I am Bulk creating AD users from the commandline (dsadd) and whilst doing so am setting the homedir and homedrv to a DFS location. I observe when I create the user with all these settings via the GUI (dsa.msc) that the homedrv gets created on the DFS share with all the permissions set correctly. But when using dsadd, the folder is not created. How can I replicate this GUI behaviour via the commandline when creating the user? I don't really want to rely on logon scripts to set it up. Do I have to use mkdir and cacls and something else to give the user Ownership? Or maybe I am missing something easy. Any help much appreciated!

    Read the article

  • Authenticating Linux users against AD without Likewise Open

    - by Graeme Donaldson
    Has anyone got their Linux systems authenticating against Active Directory without using Likewise Open? We are close to implementing Likewise Open, but first we need to rename roughly 70 of 110 Linux servers so that their hostnames are not longer than 15 characters. This is required because Likewise Open actually joins the Linux computer to the domain, and it fails to do so if the hostname is too long due to some legacy NetBIOS naming limitation. Is there a way to authenticate via AD, using only LDAP perhaps? What are the advantages/disadvantages over doing it like that vs just using Likewise?

    Read the article

  • What Defines an AD Object as "Inactive"

    - by Malnizzle
    I am going to be using some DSQUERY/DSMOVE scripts to clean up my AD Domin. One option is to move inactive objects to a OU that has restrictive GPOs applied to it. Something like: DSQUERY computer -inactive 10 | DSMOVE -newparent <distinguished name of target OU> My question is what value defines an object, both user and computer, as "inactive" for a period of time? Is it the last time a computer was logged on to for computer accounts, and for users is it the last time that the user account logged on to a computer? But what if, say for example, I had a web server that wasn't rebooted and or logged into for a couple of months but remain powered on and functioning as normal, would it be defined as "inactive" where as technically it's still serving web pages and so on? Thanks for the help!

    Read the article

  • squid3 auth thru samba using ntlm to AD doesn't work

    - by derty
    some users here are spending to much time exploring the WWW. So big boss whats to get this under control. We use a squid3 just for some security reason and chace benefits. and now i'm trying to set up a new proxy on a different server (Debian 6) Permissions are defined in AC and the squid3 should get the auth thru samba/winbind by using the ntlm protocol. but i'll get all the time Access, denited. it only works by using LDAP but thats not the way i need it. here some log and confs squid access.log 1326878095.784 1 192.168.15.27 TCP_DENIED/407 4049 GET http://at.msn.com/? -NONE/- text/html 1326878095.791 1 192.168.15.27 TCP_DENIED/407 4294 GET http://at.msn.com/? - NONE/- text/html 1326878095.803 9 192.168.15.27 TCP_DENIED/403 4028 GET http://at.msn.com/? kavan NONE/- text/html 1326878095.848 0 192.168.15.27 TCP_DENIED/403 3881 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878100.279 0 192.168.15.27 TCP_DENIED/403 3735 GET http://www.google.at/ kavan NONE/- text/html 1326878100.296 0 192.168.15.27 TCP_DENIED/403 3870 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878155.700 0 192.168.15.27 TCP_DENIED/407 4072 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.705 2 192.168.15.27 TCP_DENIED/407 4317 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.709 3 192.168.15.27 TCP_DENIED/403 4026 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml kavan NONE/- text/html squid chace 2012/01/18 10:12:49| Creating Swap Directories 2012/01/18 10:12:49| Starting Squid Cache version 3.1.6 for x86_64-pc-linux-gnu... 2012/01/18 10:12:49| Process ID 17236 2012/01/18 10:12:49| With 65535 file descriptors available 2012/01/18 10:12:49| Initializing IP Cache... 2012/01/18 10:12:49| DNS Socket created at [::], FD 7 2012/01/18 10:12:49| DNS Socket created at 0.0.0.0, FD 8 2012/01/18 10:12:49| Adding nameserver 192.168.15.2 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.19 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.1 from /etc/resolv.conf 2012/01/18 10:12:49| Adding domain schoenbrunn.local from /etc/resolv.conf 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'ntlm_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_group' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| Unlinkd pipe opened on FD 73 2012/01/18 10:12:49| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2012/01/18 10:12:49| Store logging disabled 2012/01/18 10:12:49| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2012/01/18 10:12:49| Target number of buckets: 1008 2012/01/18 10:12:49| Using 8192 Store buckets 2012/01/18 10:12:49| Max Mem size: 262144 KB 2012/01/18 10:12:49| Max Swap size: 0 KB 2012/01/18 10:12:49| Using Least Load store dir selection 2012/01/18 10:12:49| Set Current Directory to /var/spool/squid3 2012/01/18 10:12:49| Loaded Icons. 2012/01/18 10:12:49| Accepting HTTP connections at [::]:3128, FD 74. 2012/01/18 10:12:49| HTCP Disabled. 2012/01/18 10:12:49| Squid modules loaded: 0 2012/01/18 10:12:49| Adaptation support is off. 2012/01/18 10:12:49| Ready to serve requests. 2012/01/18 10:12:50| storeLateRelease: released 0 objects smb.conf # Domain Authntication Settings workgroup = <WORKGROUP> security = ads password server = <DOMAINNAME>.LOCAL realm = <DOMAINNAME>.LOCAL ldap ssl = no # logging log level = 5 max log size = 50 # logs split per machine log file = /var/log/samba/%m.log # max 50KB per log file, then rotate ; max log size = 50 # User settings username map = /etc/samba/smbusers idmap uid = 10000-20000000 idmap gid = 10000-20000000 idmap backend = ad ; template primary group = <ad group> template shell = /sbin/nologin # Winbind Settings winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind netsted groups = Yes winbind nested groups = Yes winbind cache time = 10 winbind use default domain = Yes #Other Globals unix charset = LOCALE server string = <SERVERNAME> load printers = no printing = cups cups options = raw ; printcap name = /etc/printcap #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups squid.conf auth_param ntlm program /usr/bin/ntlm_auth --require-membership-of=<DOMAINNAME>\\INTERNETZ --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=<dcname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f sAMAccountName=%s -h 192.168.15.19:3268 auth_param basic realm "Proxy Authentifizierung. Bitte geben Sie Ihren Benutzername und Ihr Passwort ein!" #means insert you PW in an other language - # external_acl_type InetGroup %LOGIN /usr/lib/squid3/squid_ldap_group -R -b "dc=<domainname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f "(&(objectclass=person)(sAMAccountName=%v) (memberof=cn=%a,cn=internetz,dc=<domainname>,dc=local))" -h 192.168.15.19:3268 auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d auth_param negotiate children 10 auth_param negotiate keep_alive on acl localnet proxy_auth REQUIRED acl InetAccess external InetGroup Internetz http_access allow InetAccess http_access deny all acl auth proxy_auth REQUIRED http_access allow auth and a very suspicious is that by adding the proxy server to the Domain i see 2 new entries in the PC one with the original computer-name leopoldine and one with leopoldine CNF:f8efa4c4-ff0e-4217-939d-f1523b43464d ?!? I tried a lot, really... but i stuck on this problem... i actually i even reinstalled all dependent programs and reconfigured them from default. Group exists and has me in it. Firefox running on the old proxy and i use IE for testing the new one. But i'll get all the time Access-Denited and to be honest i'm quite a beginner, so please don't be to prude. I'll interested in improving, i'll get the information we need to fix this but i started working 2 month ago and got only 1 1/2 year's training and not a single sec. in linux ;)

    Read the article

  • Specify Credentials to run Powershell Script to Query AD

    - by Ben
    I want to run a powershell script to query AD from a machine that is NOT on the domain. Basically I want to query to see if there is computer account already on the domain for this machine and create it if there is not. Because this has to happen before the machine joins the domain I assume I will need to specify some credentials to enable it to run. (I'm pretty new to Powershell, so apologies if this is a newbie question!) The script I am using to check the account is below, and then once this has run it will join the domain using the computername specified. Can you tell me how to specify some domain credentials to run this section of the script as? Cheers, Ben $found=$false $thisComputer = <SERVICE TAG FROM BIOS> $ou = [ADSI]"LDAP://OU=My Computer OU,DC=myDomain,DC=com" foreach ($child in $ou.psbase.Children ) { if ($child.ObjectCategory -like '*computer*') { If ($child.Name -eq $thisComputer) { $found=$true } } } If ($found) { <DELETE THE EXISTING ACCOUNT> }

    Read the article

  • SBS 2008 - Add user not seeing AD users (reconnecting or creating new mailbox)

    - by Robert
    Using SBS 2008 - completely updated. I was originally trying to create a spam mailbox for quarantine purposes, and when I bring up the "select an existing user" it does not display any of the domain users (other than QB database user accounts installed on their server). I have tried changing the scope and still nothing. Searching reveals nothing either. Then later I noticed that we had (1) disconnected mailbox, and I tried to reconnect it to the AD user - and I got the same results. Help would be much appreciated.

    Read the article

  • Printer monitor software across multiple workstations (AD integrated)

    - by HannesFostie
    I was asked to see if there is any kind of (free) software that allows multiple people in an office that use the same printer to see what jobs have finished recently, which are queued and which is printing. Main reason is that sometimes multiple people have the same task where they need to print some kind of form, and they are unsure whether or not their colleague has already printed the file. Because the printer is AD integrated, they only see a short message when printing, but they do not see a proper printer queue. A simple tray icon/tool would be perfect, no real graphical user interface is required. If this turns out to be too hard to find, I will attempt to write a simple application or script for the job, but since this is a low priority job I decided to ask here first before I start messing around with scripting which isn't my forte. Thanks

    Read the article

  • Backup software for Windows Server 2008 R2 Enterprise with 4 virtual machines (Exchange, SQL, AD, SharePoint)

    - by MadBoy
    What are the options for backup software for: HOST - Windows Server 2008 R2 Enterprise with HyperV VIRTUAL - Windows Server 2008 R2 Enterprise with Exchange 2010 VIRTUAL - Windows Server 2008 R2 Enterprise with SQL Express / SharePoint VIRTUAL - Windows Server 2008 R2 Enterprise with Terminal Services (10 users working on it) VIRTUAL - Windows Server 2008 R2 Enterprise with AD/DNS What I'm looking at is possibility of having an offsite backup thru FTP, maybe copy to usb/esata/lan drives for easy taking backup data outside of company. What I've been looking at: - Symantec Exec Backup 2010 System Recovery has an offsite backup but I would need 5 licenses and it doesn't have granular recovery. - Symantec Exec Backup 2010 seems OK but a bit expensive - Microsoft DPM 2010 requires full SQL Standard and for each machine I would need 4 Enterprise licenses. But does it allow Offsite backup without need for additional license and server outside of company (for doing DPM backup of DPM). What other options? This is 10 people company and so the costs matter but also convenience and security. Offsite backup is requirement.

    Read the article

  • Single Exchange 2007 server - two AD domains

    - by TheCleaner
    CURRENT: single domain, single Exchange 2007 NEW: two domains, single Exchange 2007 Can this be done? Details: Current setup is a single W2k3 domain with a single Exchange 2007 server. We are merging with another company that currently hosts their email with their ISP via POP3. We'd like to start hosting their email on our Exchange server using their existing domain SMTP addresses. They don't have an AD domain at all at the moment. Recommendations? Can I do this with a trust between the 2 domains? Requirements: They can't have multiple SMTP addresses on both domains...such as I've seen with articles pointing to "hosting multiple domains". I want companyA to have the same account settings they've always had...companyB to have the same SMTP address they've had and not an additional one on the current companyA Exchange domain. They should be able to collaborate (calendar, contacts, GALs) but should still be distinguishable based on which company they "work for". Please help...thanks!

    Read the article

  • MOSS 2007 Sharepoint Shared Services AD Import SQL/Search Error prevents user import

    - by TrevJen
    When attempting to import new AD users (Shared Services Administration Shared Service User Profiles and Properties) I receive an error on the top of the User Profiles and Properties page. "An error has occurred while accessing the SQL Server database or the Office SharePoint Server Search service. If this is the first time you have seen this message, try again later. If this problem persists, contact your administrator." I have tried the following: Rebooted server Checked service account permissions and passwords Checked the MIPSCHEDULEDJOB table to ensure all 6 required entries are there.

    Read the article

  • How to make AD highly available for applications that use it as an LDAP service

    - by Beaming Mel-Bin
    Our situation We currently have many web applications that use LDAP for authentication. For this, we point the web application to one of our AD domain controllers using the LDAPS port (636). When we have to update the Domain Controller, this has caused us issues because one more web application could depend on any DC. What we want We would like to point our web applications to a cluster "virtual" IP. This cluster will consist of at least two servers (so that each cluster server could be rotated out and updated). The cluster servers would then proxy LDAPS connections to the DCs and be able to figure out which one is available. Questions For anyone that has had experience with this: What software did you use for the cluster? Any caveats? Or perhaps a completely different architecture to accomplish something similar?

    Read the article

  • AFP AD ACL permissions issues with external drive

    - by AlanGBaker
    Mac OS X Server 10.4.11 connected to an AD domain system serving AFP shares to Mac OS X 10.5.8. If I create a share on the the internal RAID of the server with an ACL that allows RW to all ("Domain Users"), then it works, but a share created identically on the external RAID appliance (Drobo v2) doesn't. When the share from the Drobo is mounted, it shows no sign that it has any ACLs associated with it: neither in the Finder (Get Info), nor when checked via the terminal with "ls -lae". The Drobo does show that the ACLs exist when I ssh into the server and check it there, but when the clients mount that share, they just... ...disappear. Any thoughts?

    Read the article

  • Publishing and setting permissions to a Linux share to AD

    - by blsub6
    I have a Linux share that I want to publish to users on my Active Directory domain. I'd like to be able to control the permissions to access that share using security groups. So say I have a share named "Share" on my Linux machine named "Linux" with IP address 192.168.1.2. I publish \\192.168.1.2\Share in AD and make it so that only people who are part of the "IT" security group can access it. What's to stop anyone who's not in the "IT" security group from just going to explorer and typing in \\192.168.1.2\Share or \\Linux\Share into their Explorer to access this share? Do I need to set up permissions on the Linux file server?

    Read the article

  • Grant relay to servers based on AD security group membership

    - by john
    We're moving our relay from an Exchange 2003 server to an Exchange 2010 server. I was hoping the "Grant or deny relay permissions to specific users or groups" option would still be available in some form, but I can't find out how to do it. I've read up on recieve connectors and so far I can't get it to work. I have edited the security on the Recieve Connector to allow the following extended rights to the group and added computer accounts to that group: Accept Routing Headers Bypass Anti-spam Submit to Server Accept any Sender Accept any Recipient Then I suddenly realised while testing... How would the receive connector resolve the permission to a particular AD object, maybe a reverse DNS lookup? What I'd like to know is if what I'm trying to achieve is possible, and how it would be possible. I would rather not revert to an IP-based list as this is not as manageable, and I'm trying to avoid creating static IPs/reservations for a number of workstations that would otherwise not need them.

    Read the article

  • Can arbitrary email addresses be stored in AD userPrincipalName?

    - by Rob Potter
    I have a web app that is front-ended by ISA, natively authenticating against AD. All users currently log on with sAMAccountName. I would like to allow users to provide a personal email address and be able to authenticate against this instead. From what I understand the AD userPrincipalName is typically used for an internally generated logon name, which by convention, is often their internally generated email address. The web app that I have is web scale (circa 3 million accounts*) and not an internal, corporate app, so the email addresses will be from diverse domains. Can I just set the AD userPrincipalName attribute to the user's email address, and then will ISA natively authenticate against this attribute instead? I heard rumours of AD having a maximum number of domain suffixes that it allows in AD userPrincipalName...? (presumably it catalogues them). [*I realise that AD is not the ideal authentication directory for a user population of this scale.]

    Read the article

  • Windows Web Server in DataCenter Authenticate with AD in Office

    - by Viper Venom
    Hi, We would like to have put a File Server in DataCentre to allow user to upload/download files when they are home. Since we have hundreds of users and would like to let the user to authenticate with the existing AD in our office. Basically, I will setup the IIS server to allow users to list various directories in the File Server based on their user group. For example, Group A will have list the D:\Files\A and the Group B will have list the D:\Files\B ...etc. After some initial study, I found that the PPTP based Site to Site VPN might fit our need to do the authentication part but I still don't have any idea on how to let them upload files to the server. Is there any suggestions such as any better option to do this (either authentication or upload part) or any area I need to be careful of? Thank you in advance.

    Read the article

  • trouble with AD and profile import

    - by GeorgeWNYC
    I am involuntary Admin for a MOSS 2007 site. We use profile import from AD, from two domains: Mycompany.com and AM.MyCompany.Com I was looking at the log for the PEOPLE_DL_IMPORT Content source and it has many entries like: spsimport://?$$dl$$/MyCompany.com/MyCompany.com/MyCompany.com/am.MyCompany.com/MyCompany.com/am.MyCompany.com/MyCompany.com/am.MyCompany.com/am.MyCompany.com/MyCompany.com/am.MyCompany.com/am.MyCompany.com/am.MyCompany.com/MyCompany.com/MyCompany.com/am.MyCompany.com/am.MyCompany.com It certainly doesn't look right. Is this normal? What can I do to remedy it ? Can I start over? There are users already in SP and some of them are in SP groups for permission purposes.

    Read the article

  • join ZFS/Solaris to windows AD 2003/2008 domain

    - by user95587
    I have a client trying to join his newly updated ZFS/Solaris box to my Windows AD 2003/2008 domain. Here is the command he is using and the error he is getting; Console: root@xxx:/etc/inet# smbadm join -u USER DOMAIN After joining DOMAIN the smb service will be restarted automatically.Would you like to continue? [no]: yes Enter domain password: Joining DOMAIN ... this may take a minute ... failed to join DOMAIN: UNSUCCESSFUL Please refer to the system log for more information. From /var/adm/messages: Sep 22 10:12:00 xxx smbd[593]: [ID 702911 daemon.error] smbrdr_exchange[116]: failed (-3) Sep 22 10:12:01 xxx smbd[593]: [ID 232655 daemon.notice] ldap_modify: Insufficient access Sep 22 10:12:01 xxx smbd[593]: [ID 898201 daemon.notice] Unable to set the TRUSTED_FOR_DELEGATION userAccountControl flag on the machine account in Active Directory. Please refer to the Troubleshooting guide for more information. Sep 22 10:12:01 xxx smbd[593]: [ID 526780 daemon.notice] Failed to establish NETLOGON credential chain Sep 22 10:12:01 xxx smbd[593]: [ID 871254 daemon.error] smbd: failed joining DOMAIN (UNSUCCESSFUL)

    Read the article

  • Cant Add Columns to a AD Task pad except for the top level of the domain

    - by Darktux
    We are working on Active Directory taskpads application for user management in our organization and facing stange issue. When we create a taskpad, and when we are at top level of the domain, i can click view - Add/Remove Columns and add "Pre Windows Name" (and lots of other properties) to the taskpad as columns, but when i just go 1 level down , i can only see "Operating System" and "Service Pack" ; why is it happening , isnt "Domain Admins" supposed to god access to all the things in AD domain , atleast of objects they own? It is important to have "Pre Windows 2000" Name as a column begause with out that our "Shell Command" task wont show up in taskpads, since its bound to parameter "Col<9" (which is pre qindows name). Please do let me know if any additions questions to clarify my problem.

    Read the article

  • Please provide how to setup using VMware, AD [closed]

    - by user552585
    In my organisation we have more than 100 pcs and high configured 3 IBM servers. Now the senario is 300 employees with diff programmers like .Net,java,php etc. these employees use by these systems only in diff shifts without stop their work. I want all applications required them on every system and they have perticular id, Pw to login and i have to secure the organisation data and userdata to tamper or any thing by other users. Please provide how to setup using VMware, AD with MicroSoft environment with fully secured manner. please give brief explanation. Please help me

    Read the article

  • New AD-DC in a new Site is refusing cross-site IPv4 connections

    - by sysadmin1138
    We just added a new Server 2008 (sp2) Domain Controller in a new Site, our first such config. It's over a VPN gateway WAN (10Mbit). Unfortunately it is displaying a strange network symptom. Connections to the SMB ports (TCP/139 and TCP/445) are being actively refused... if the connection is coming in on pure IPv4. If the incoming connection is coming by way of the 6to4 tunnel those connections establish and work just fine. It isn't the Firewall, since this behavior can be replicated with the firewall turned off. Also, it's actually issuing RST packets to connection attempts; something that only happens with a Windows Firewall if there is a service behind a port and the service itself denies access. I doubt it's some firewall device on the wire, since the server this one replaced was running Samba and access to it from our main network functioned just fine. I'm thinking it might have something to do with the Subnet lists in AD Sites & Services, but I'm not sure. We haven't put any IPv6 addresses in there, just v4, and it's the v4 connections that are being denied. Unfortunately, I can't figure this out. We need to be able to talk to this DC from the main campus. Is there some kind of site-based SMB-level filtering going on? I can talk to the DC's on campus just fine, but that's over that v6 tunnel. I don't have access to a regular machine on that remote subnet, which limits my ability to test.

    Read the article

  • How to Setup Sharepoint Extranet to authenticate against a dmz AD

    - by Satish
    I have a web app which is extended to extranet for our clients to access. We have setup a different AD server and domain for dmz and clients have to be authenticated against that domain. I'm little confused about the setup especially what all web.config files I have to update. Do I have to update the web.config file for Central admin site and the extended web app. According to this blog I need to do update both, but as soon as I make the changes in the web.config for central admin, central admin site stops working. Here is what I added to the central admin web.config file between /Sharepoint and system.web I have this <connectionStrings> <add name="DMZConnectionString" connectionString= "LDAP://dmz.xxx.com:389/OU=Clients,DC=dmz,DC=xxx,DC=com "/> Between system.web and securityPolicy <membership defaultProvider=”DMZADProvider“> <providers> <add name="DMZADProvider" connectionStringName="DMZConnectionString" connectionUsername="DMZ\ldapUser" connectionPassword="Password" enableSearchMethods="true" attributeMapUsername="userPrincipalName" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> I know the connectionusername and password works becuase I use the same in SSP for importing profiles. Any idea what might be causing the error?

    Read the article

< Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >