Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 159/244 | < Previous Page | 155 156 157 158 159 160 161 162 163 164 165 166  | Next Page >

  • ReadyNAS Duo - FTP home network connectivity issue

    - by dwabyick
    I have a ReadyNas Duo that I recently purchased and configured on my local home network. I'm an AT&T DSL subscriber using their default 2701HG-B Gateway (2Wire) wireless router. Basically, I have managed to configure my ReadyNAS, and can access HTTP shares and WINS shares just fine, but cannot get access to it via FTP. I've enabled it in the 'Standard File Protocols' section in the UI, and made a share have read/write default access via FTP. My settings: Port: 21 Authentication mode: User Allow upload resumes: Yes Passive ports: 1024-65535 Masquerade as: (empty, but I've tried the internal IP address). I've even poked around at my router, which has a firewall, and even tried to poke a hole for the 'FTP Server'app for the ReadyNAS. Doesn't seem like I should need to do this, or should. Any ideas what else to check? Thanks! -Daniel

    Read the article

  • Looking for feedback on a first SAML implementation.

    - by morgancodes
    Hello, I've been tasked with designing a very simple SSO (single sign-on) process. My employer has specified that it should be implimented in SAML. I'd like to create messages that are absolutely as simple as possible while confirming to the SAML spec. I'd be really grateful if some of you would look at my request and response messages and tell me if they make sense for my purpose, if they include anything that doesn't need to be there, and if they are missing anything that does need to be there. Addionally, I'd like to know where in the response I should put additional information about the subject; in particular, the subject's email address. The interaction needs to work as follows: 1) User requests service from service provider at this point, the service provider knows nothing about the user. 2) Service provider requests authentication for user from identity provider 3) User is authenticated/registered by identity provider 4) Identity provider responds to Service provider with authentication success message, PLUS user's email address. Here's what I think the request should be: <?xml version="1.0" encoding="UTF-8"?> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc" IssueInstant="1970-01-01T00:00:00.000Z" Version="2.0" AssertionConsumerServiceURL="http://www.IdentityProvider.com/loginPage"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> http://www.serviceprovider.com </saml:Issuer> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">3f7b3dcf-1674-4ecd-92c8-1544f346baf8</saml:NameID> </saml:Subject> Here's what I think the response should be: <?xml version="1.0" encoding="UTF-8"?> <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://www.serviceprovider.com/desitnationURL" ID="123" IssueInstant="2008-11-21T17:13:42.872Z" Version="2.0"> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">3f7b3dcf-1674-4ecd-92c8-1544f346baf8</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser"> <saml:SubjectConfirmationData InResponseTo="abc"/> </saml:SubjectConfirmation> </saml:Subject> <saml:AuthnStatement AuthnInstant="2008-11-21T17:13:42.899Z"> <saml:AuthnContext> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion> </samlp:Response> So, again, my questions are: 1) Is this a valid SAML interaction? 2) Can either the request or response xml be simplified? 3) Where in the response should I put the subject's email address? I really apprecaite your help. Thanks so much! -Morgan

    Read the article

  • Can Windows log CryptoAPI CRL timouts?

    - by makerofthings7
    We have several .NET applications that occasionally "act slow" with no CPU or disk access. I suspect that they are hung up on authentication when trying to validate the certificate, since the timeout is almost 20 seconds. As per this MSFT article Most applications do not specify to CryptoAPI to use a cumulative time-out. If the cumulative time-out option is not enabled, CryptoAPI uses the CryptoAPI default setting which is a time-out of 15 seconds per URL. If the cumulative time-out option specified by the application, then CryptoAPI will use a default setting of 20 seconds as the cumulative timeout. The first URL receives a maximum timeout of 10 seconds. Each subsequent URL timeout is half of the remaining balance in the cumulative timeout value. Since this is a service, how can I detect and log CryptoAPI hangs for applications I have sourcecode to, and also 3rd party

    Read the article

  • Can we have Linked Servers when using NTLM?

    - by BlueRaja
    I don't have access to the Active Directory settings, nor do I have access to change anything on the linked server. From everything I've read, it seems like this means I cannot use Kerberos - which is a big problem, because I don't know how to use a linked server without it. Is there any way to connect to a linked server without Kerberos? Exact problem description When I connect to the linked server while sitting in front of my server, it works fine; but when I try to connect to the linked server from any other computer (delegating through my server), it gives the error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. (Microsoft SQL Server, Error: 18456) It seems that this is the "double-hop problem," and the usual solution is to enable Kerberos, which requires access to AD and the linked server. I get the same error when I set security to "Be made using the login's current security context," and I can't use "Be made using this security context" because that appears to use SQL-authentication (which is not enabled on the linked server) instead of NTLM

    Read the article

  • windows 2008 Server R2 Enterprise IIS 7 Unable to connect to Local network From Out Side

    - by rana sami akhtar
    i my company i had hosted a web page on live ip. external users can come to that page on server having IIS 7.. the problem is that on my page i placed three buttons one of internal exchange server , internal ftp server and internal Intranet. they are in internal network on different locations. i can come to main page but when i click the links the page not found error occurs. how can i reach all my internal servers that are running different services from internet through one page that can also authentication properly i am new please guide me step by step.

    Read the article

  • Is it a bad idea to run an asp.net app pool with the same identity as IIS's anon user?

    - by Andrew Bullock
    Subject says it all really, Thinking on security terms, I want to give each site on my server its own user account, so that they can't access each other's data. I also want to use integrated authentication for sql so i dont have any passwords knocking about in connection strings. Is it a bad idea to use the same account for the app pool identity and the anon user account for iis (im interested in answers for both v6 and 7)? Edit: ive seen this post describing how IIS7 allows you to automatically use the same account, but the question of whether its a good idea or not remains ;) If so, why? Thanks

    Read the article

  • Using PAM and vsftpd without root access

    - by Zizzencs
    I'm trying to set up a few vsftpd instances on a machine that I have no root access to. The authentication should be done through PAM with pam_listfile, like this: pam_listfile.so item=group sense=allow file=/path/filename onerr=fail I can ask the administrator to set up a PAM service for me and include that line but he is not willing to create 6 PAM services for my 6 vsftpd instances and I really need different /path/filename set for each vsftpd server. Is there a way to solve this problem? Can I somehow not use absolute path as the parameter? (I know the correct solution would be to use one vsftpd instance and set up virtual users properly. However unfortunately I have to work what I have and the users already exist in an Active Directory and are authenticated to the system using another PAM service.)

    Read the article

  • Using Ubuntu Karmic as an L2TP Client for VPN

    - by James Lawrie
    I'm trying to connect to a VPN service over L2TP using Karmic as a client and it's not working. The only details I have are the remote IP address, username & password, and a shared secret string; this is enough for Windows but doesn't appear to be enough for Ubuntu. I've tried using network-manager-vpnc and vpnc from the terminal to connect and I get "no supported authentication", and trying with OpenSwan it says "unable to identify either side of the connection". I'd really appreciate some help here if anyone else has implemented this successfully.

    Read the article

  • Set a login with username/password for SQL Server 2008 Express

    - by Ewald Stieger
    I would like to set a password and username for connecting to a server with SQL Management Studio 2008. I set up SQL Server 2008 Express on a customer's computer to host a DB used by an Access 2007 app. The customer should not be able to access the DB or connect with SQL Management Studio. How do I set up a login and remove any logins that allow a user to connect via Windows Authentication and without entering a username and password? I have not much experience with logins and controlling access.

    Read the article

  • PAM_LDAP error trying to bind ?

    - by billyduc
    I have this error when I ssh to my LDAP client using the login name on the LDAP server my LDAP client's running Ubuntu 9.10 Karmic my LDAP server is Fedora Core 4 and running Fedora Directory Server ssh [email protected] cat /var/log/auth.log //on the client Dec 18 10:24:17 ubuntu-ltsp sshd[4527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=billyhost.local user=billyduc Dec 18 10:24:17 ubuntu-ltsp sshd[4527]: pam_ldap: error trying to bind as user "uid=billyduc,dc=mydomain,dc=com" (Invalid credentials) Dec 18 10:24:18 ubuntu-ltsp sshd[4527]: Failed password for billyduc from 192.168.5.121 port 51449 ssh2 Here's my /etc/pam.d/sshd cat /etc/pam.d/sshd auth [success=1 default=ignore] pam_unix.so auth required pam_ldap.so use_first_pass auth required pam_permit.so account sufficient pam_permit.so I also edit my /etc/ssh/sshd_config in both client and Server PasswordAuthentication yes So I think something wrong with the password when the ssh server do checking

    Read the article

  • Problem with testsaslauthd and kerberos5 ("saslauthd internal error")

    - by danorton
    The error message “saslauthd internal error” seems like a catch-all for saslauthd, so I’m not sure if it’s a red herring, but here’s the brief description of my problem: This Kerberos command works fine: $ echo getprivs | kadmin -p username -w password Authenticating as principal username with password. kadmin: getprivs current privileges: GET ADD MODIFY DELETE But this SASL test command fails: $ testsaslauthd -u username -p password 0: NO "authentication failed" saslauthd works fine with "-a sasldb", but the above is with "-a kerberos5" This is the most detail I seem to be able to get from saslauthd: saslauthd[]: auth_krb5: krb5_get_init_creds_password: -1765328353 saslauthd[]: do_auth : auth failure: [user=username] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error] Kerberos seems happy: krb5kdc[](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1298779891, etypes {rep=18 tkt=18 ses=18}, username at REALM for krbtgt/DOMAIN at REALM I’m running Ubuntu 10.04 (lucid) with the latest updates, namely: Kerberos 5 release 1.8.1 saslauthd 2.1.23 Thanks for any clues.

    Read the article

  • Impersonation on IIS 7.0 passes the machine credentials for Crystal Reports

    - by pknox
    On a 32-bit Windows 2008 server running the Donor2 Application in the Classic .NET Managed Pipeline mode, configured for Windows Integrated Authentication and Impersonation, all of the .NET pages are passing the authenticated user’s credentials [DomainName\UserName]. This is the correct, expected behavior. The Crystal Reports pages, instead of passing the authenticated user’s credentials, are passing the IIS Server’s credentials [DomainName\MachineName$]. One of the very frustrating aspects of this situation is that I have another server which, as far as I can tell, is configured identically. That server, when loading Crystal Reports, is passing the authenticated user’s credentials [DomainName\UserName] as expected. I have obviously missed something, but I have no idea what it could be.

    Read the article

  • Revocation status of DC can't be verified

    - by DotGeorge
    A Domain Controller within my forest was working fine (as the story usually goes). Then, suddenly, I can't logon with my smart card. Instead, I'm greeted with the following message: The system could not log you on. The revocation status of the domain controller certificate used for smart card authentication could not be determined. I literally have no idea what's happened here. As an attempted quick fix, I removed the root certificate which issued the Smart Card's certificate from the CA of both the client and DC. Then imported a newly exported one from the DC in question. Same issue. I've spotted a number of related articles on Microsoft's forums and a HP support document. Each don't really shed much light as it's a generic error message apparently. Having said all of this, other smart cards (issued from other DCs) work fine. So I have no idea what's up with this one.

    Read the article

  • Poor upload/download speed on 2 x ADSL lines into a Cisco 2621XM

    - by 2020mobile
    Hi, Sorry never been on this site before so I apologise if not the right section or even forum. I have users complaining of very slow internetn connectivity on site and have checked with our ISP who have said that the line is testing at 8mb. We have 2 x BT lines that have our ISP broadand on them. Both lines go into a Cisco 2600 series router that then has a PIX firewall off that. Connectivity is successful just gone really slow and unable to download anything. Config is below: version 12.3 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ROUTER-ADSL-INTERNET ! logging buffered 16384 informational enable secret xxx enable password xxx ! username xxx username xxx clock summer-time UK recurring last Sun Mar 1:00 last Sun Oct 1:00 aaa new-model ! ! aaa authentication login default local aaa authorization exec default local aaa session-id common ip subnet-zero no ip source-route ! ! ! ip audit notify log ip audit po max-events 100 no ip bootp server ip name-server 213.208.106.212 no mpls ldp logging neighbor-changes no ftp-server write-enable ! ! ! ! ! ! ! ! ! ! no voice hpi capture buffer no voice hpi capture destination ! ! ! ! ! ! ! ! interface ATM0/0 description 01270 111111 no ip address no atm ilmi-keepalive pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet0/0 ip address 82.133.32.9 255.255.255.248 shutdown speed 100 full-duplex no cdp enable ! interface ATM0/1 description 01270 222222 no ip address no atm ilmi-keepalive pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet0/1 ip address 217.146.115.49 255.255.255.240 duplex auto speed auto no cdp enable ! interface Dialer0 ip address 217.146.115.250 255.255.255.248 encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap callin ppp chap hostname [email protected] ppp chap password 7 xxxxx ppp multilink ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ! no ip http server no ip http secure-server ! no logging trap access-list 10 permit 217.146.115.50 access-list 10 permit 82.133.32.10 access-list 10 deny any access-list 22 permit 217.146.115.50 access-list 22 permit 217.206.239.86 access-list 22 permit 82.133.32.10 access-list 22 deny any dialer-list 1 protocol ip permit no cdp run ! ! snmp-server community xxxxxx RO 10 snmp-server enable traps tty radius-server authorization permit missing Service-Type ! ! ! ! ! ! line con 0 exec-timeout 5 0 password 7 xxxxxx line aux 0 no exec line vty 0 4 access-class 22 in exec-timeout 5 0 password 7 xxxxxx transport input telnet ssh transport output none line vty 5 15 password 7 xxxxxx transport input telnet ssh ! ntp clock-period 17180095 ntp server 130.88.200.98 ! ! end Now my knowledge is very limited but ISP have said that while the lines are bonded each needs a seperate login as they've recently changed their L2TP router and that enforces the use of seperate logins - when the lines were configured we were given two logins. So, my question is what changes do I need to make to the config in order to get this working? it was ok before their change and I do have another login :- 01270 111111 - [email protected] 01270 222222 - [email protected] Apologies for the long email and thanks for taking the time to read it. Any more info I can provide please let me know. Thanks,

    Read the article

  • Creating an OS X Mountain Lion 10.8 OpenDIrectory database with a specific domain in mind

    - by whardier
    Mountain Lion Server has been one of the most infuriating things ever recently. Above and beyond tons of crashing I've been completely unable to do the following in a way that makes sense to both me and Apple. Name your server srv01.myoffice.domain.com Create an OpenDirectory database as a Master from scratch as dc=domain,dc=com I can rename my server temporarily (taking down vital services in the process due to the automagicliciousness) and create a new profile, however when I switch back to the original domain name the default search base for server related authentication magic is now dc=srv01,dc=myoffice,dc=domain,dc=com. I've tried everything I can think of including using slapconfig backupdb/restoredb and slaving the server off of another then promoting it. This seems rather silly and Apple shows no response to many requests to resolve this. Does anybody out there have the magic to have OpenDirectory work as it should.. being able to give it any domain you want and then having all vital services operate correctly.

    Read the article

  • HAProxy authenticated httpchk (health check)

    - by Markel
    I am using HAProxy on EC2 and using httpchk to manage node availability. I had used a pseudo-unique path as the health check route in an attempt to make sure only my servers responded to the health check. Earlier today I had an EC2 server fall out of existence, and before the haproxy config was auto-regenerated (controller issues), Amazon had reassigned the IP to someone whom 200's every request (honeypot?), my HAProxy host then pulled the server back into rotation and started distributing some of my traffic there until the controller recovered and removed the ip from the list. TLDR; Is there a way to add a server authentication method to HAProxy's httpchk?

    Read the article

  • ForwardAgent in Jenkins

    - by r_2
    I'm trying to enable ForwardAgent in the "Publish over SSH" Jenkins Plugin. This would allow jenkins to execute deployments, rsyncs and svn+ssh checkouts on remote servers. But there's no option for this in the GUI. ForwardAgent is set to yes in /etc/ssh/ssh_config and in /var/lib/jenkins/.ssh/config, but when Jenkins jobs login over ssh, the remote session does not have the key loaded in agent. ("Could not open a connection to your authentication agent.") Is there a way to force ForwardAgent, or a better way to do this (via a Jenkins slave)? Thanks for any ideas, much appreciated!

    Read the article

  • ssh permission denied

    - by Gitmo
    I am trying to ssh into a remote machine and I get the following debug messages: debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to xxx.xxx.x.xx [xxx.xxx.xx.x] port 22. debug1: Connection established. debug3: Not a RSA1 key file /home/hadoop/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/hadoop/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-6ubuntu2 debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 128/256 debug2: bits set: 511/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/hadoop/.ssh/known_hosts debug3: check_host_in_hostfile: match line 20 debug1: Host '192.168.1.63' is known and matches the RSA host key. debug1: Found key in /home/hadoop/.ssh/known_hosts:20 debug2: bits set: 511/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/hadoop/.ssh/id_rsa (0x241c110) debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/hadoop/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,password). What seems to be the problem?? I have tried everything, this is driving me nuts.

    Read the article

  • MS SQL Server not running on Win7

    - by Anas
    I have installed available all components of "MS_SQL_05" as give named instance on Win-7. I had a default instance running of MSSQL08. While Installing MSSQL05 Instance I choose to use windows authentication. But now I got a problem and my database engine is not running, actually no components are working except I am just able to login to Integration service. I think there is some Username issue, coz It using UsrNm :'Anas-PC\Anas' which seems incorrect. Here below is the detail =================================== Cannot connect to ANAS-PC\MS_SQL_05. =================================== Login failed for user 'Anas-PC\Anas'. (.Net SqlClient Data Provider) Server Name: ANAS-PC\MS_SQL_05 Error Number: 18456 Severity: 14 State: 1 Line Number: 65536

    Read the article

  • Requiring 802.1x login before allowing access to network resources

    - by Calvin Froedge
    I have a ZyXel GS2200-24 managed switch, and a free-radius server running on Ubuntu 11.10. Radius is configured and when I log into the switch the authentication goes through Radius. Now, I'm trying to ensure that access to web resources (as an example, I set up a web server on the ip 192.168.1.2) requires first authenticating with radius, before the switch will allow the connection. Am I correct that this should be handled at the switch level? What are these rules usually called / how are they usually defined?

    Read the article

  • OpenVPN on ec2 bridged mode connects but no Ping, DNS or forwarding

    - by michael
    I am trying to use OpenVPN to access the internet over a secure connection. I have openVPN configured and running on Amazon EC2 in bridge mode with client certs. I can successfully connect from the client, but I cannot get access to the internet or ping anything from the client I checked the following and everything seems to shows a successful connection between the vpn client/server and UDP traffic on 1194 [server] sudo tcpdump -i eth0 udp port 1194 (shows UDP traffic after establishing connection) [server] sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination [server] sudo iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- ip-W-X-Y-0.us-west-1.compute.internal/24 anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination [server] openvpn.log Wed Oct 19 03:11:26 2011 localhost/a.b.c.d:61905 [localhost] Inactivity timeout (--ping-restart), restarting Wed Oct 19 03:11:26 2011 localhost/a.b.c.d:61905 SIGUSR1[soft,ping-restart] received, client-instance restarting Wed Oct 19 03:41:31 2011 MULTI: multi_create_instance called Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Re-using SSL/TLS context Wed Oct 19 03:41:31 2011 a.b.c.d:57889 LZO compression initialized Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ] Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ] Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Local Options hash (VER=V4): '360696c5' Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Expected Remote Options hash (VER=V4): '13a273ba' Wed Oct 19 03:41:31 2011 a.b.c.d:57889 TLS: Initial packet from [AF_INET]a.b.c.d:57889, sid=dd886604 ab6ebb38 Wed Oct 19 03:41:35 2011 a.b.c.d:57889 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=EXAMPLE/CN=EXAMPLE_CA/[email protected] Wed Oct 19 03:41:35 2011 a.b.c.d:57889 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=EXAMPLE/CN=localhost/[email protected] Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed Oct 19 03:41:37 2011 a.b.c.d:57889 [localhost] Peer Connection Initiated with [AF_INET]a.b.c.d:57889 Wed Oct 19 03:41:39 2011 localhost/a.b.c.d:57889 PUSH: Received control message: 'PUSH_REQUEST' Wed Oct 19 03:41:39 2011 localhost/a.b.c.d:57889 SENT CONTROL [localhost]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway W.X.Y.Z,ping 10,ping-restart 120,ifconfig W.X.Y.Z 255.255.255.0' (status=1) Wed Oct 19 03:41:40 2011 localhost/a.b.c.d:57889 MULTI: Learn: (IPV6) -> localhost/a.b.c.d:57889 [client] tracert google.com Tracing route to google.com [74.125.71.104] over a maximum of 30 hops: 1 347 ms 349 ms 348 ms PC [w.X.Y.Z] 2 * * * Request timed out. I can also successfully ping the server IP address from the client, and ping google.com from an SSH shell on the server. What am I doing wrong? Here is my config (Note: W.X.Y.Z == amazon EC2 private ipaddress) bridge config on br0 ifconfig eth0 0.0.0.0 promisc up brctl addbr br0 brctl addif br0 eth0 ifconfig br0 W.X.Y.X netmask 255.255.255.0 broadcast W.X.Y.255 up route add default gw W.X.Y.1 br0 /etc/openvpn/server.conf (from https://help.ubuntu.com/10.04/serverguide/C/openvpn.html) local W.X.Y.Z dev tap0 up "/etc/openvpn/up.sh br0" down "/etc/openvpn/down.sh br0" ;server W.X.Y.0 255.255.255.0 server-bridge W.X.Y.Z 255.255.255.0 W.X.Y.105 W.X.Y.200 ;push "route W.X.Y.0 255.255.255.0" push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 208.67.222.222" push "dhcp-option DNS 208.67.220.220" tls-auth ta.key 0 # This file is secret user nobody group nogroup log-append openvpn.log iptables config sudo iptables -A INPUT -i tap0 -j ACCEPT sudo iptables -A INPUT -i br0 -j ACCEPT sudo iptables -A FORWARD -i br0 -j ACCEPT sudo iptables -t nat -A POSTROUTING -s W.X.Y.0/24 -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward Routing Tables added route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface W.X.Y.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 0.0.0.0 W.X.Y.1 0.0.0.0 UG 0 0 0 br0 C:>route print =========================================================================== Interface List 32...00 ff ac d6 f7 04 ......TAP-Win32 Adapter V9 15...00 14 d1 e9 57 49 ......Microsoft Virtual WiFi Miniport Adapter #2 14...00 14 d1 e9 57 49 ......Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Net work Adapter 10...00 1f d0 50 1b ca ......Realtek PCIe GBE Family Controller 1...........................Software Loopback Interface 1 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.1.2.1 10.1.2.201 25 10.1.2.0 255.255.255.0 On-link 10.1.2.201 281 10.1.2.201 255.255.255.255 On-link 10.1.2.201 281 10.1.2.255 255.255.255.255 On-link 10.1.2.201 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.1.2.201 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.1.2.201 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.1.2.1 Default =========================================================================== C:>tracert google.com Tracing route to google.com [74.125.71.147] over a maximum of 30 hops: 1 344 ms 345 ms 343 ms PC [W.X.Y.221] 2 * * * Request timed out.

    Read the article

  • How to enable key forwarding with ssh-agent?

    - by Lamnk
    I've used the ssh-agent from oh-my-zsh to manage my SSH key. So far, so good, i only have to type the passphrase for my private key once when I start my shell and public key authentication works great. The problem is however that key forwarding doesn't work. There are 2 servers A & B which I can use public key to login. When I ssh into A then from there ssh into B, I must provide my password, which should not be the case. A is a CentOS 5.6 box, B is an Ubuntu 11.04 box. I have this on my local .ssh/config: Host * ForwardAgent yes OpenSSH on A is standard openssh 4.3 package provided by CentOS. I also enable ForwardAgent for ssh client on A, but forwarding still doesn't work.

    Read the article

  • Continuing permissions issues - ASP.net, IIS 7, Server 2008 - 0x80070005 (http 500.19) error

    - by Re-Pieper
    I created an ASP.net MVC developed web application and I am trying to set up IIS. The Error: Http error 500.19, error code 0x80070005, Cannot read configuration file due to insufficient permissions, config file: C:\inetpub\wwwroot\BudgetManagerMain\BudgetManager\web.config If I set the AppPool to use 'administrator' i have no problems and can access the site just fine. If i set to NETWORK SERVICE (or anything else including self-created admin or non-admin user accounts), i get the above error. Things I have tried: identity for Application pool named 'test' is 'NetworkService' Set full access privs for wwwroot and all children files/folders verified effective permissions and NETWORK SERVICE has full access. Authentication on my site is set for anonymous and running under Application Pool Identity I do not have any physical path credentials set on the website confirmed website is set to run under the application pool named 'test' using Process Monitor, here is a summary of what i found on the ACCESS DENIED event EVENT TAB: Class: File System Operation: CreateFile Result: Access Denied Path: ..\web.config Desired Access: Generic Read Disposition: Open Options: Sybnchronous IO Non-Alert, Non-Directory file Attributes: N ShareMode: Read AllocaitonSize: n/a PROCESS TAB ...lots of stuff that seems irrelevant User: NT AUTHORITY\NETWORK SERVICE

    Read the article

  • Delay of mail delivery - Hosted exchange provider

    - by alex
    Hi, I recently signed up to a new hosted email provider. When I send mail (from OWA, OR Outlook) there is a delay of up to 3 minutes from when i send the message, to when it's received (in my gmail account for example) I've listed the headers below. Is there anything I can advise my new email host to do? My previous email host delivers within 5 seconds!! New email provider: Delivered-To: ****.*****@******.co.uk.test-google-a.com Received: by 10.223.120.148 with SMTP id d20cs333125far; Mon, 30 Nov 2009 08:49:43 -0800 (PST) Received: by 10.213.106.202 with SMTP id y10mr4864870ebo.35.1259599782838; Mon, 30 Nov 2009 08:49:42 -0800 (PST) Return-Path: Received: from relay005.apm-internet.net (relay005.apm-internet.net [85.119.248.8]) by mx.google.com with SMTP id 26si13016480ewy.43.2009.11.30.08.49.42; Mon, 30 Nov 2009 08:49:42 -0800 (PST) Received-SPF: neutral (google.com: 85.119.248.8 is neither permitted nor denied by best guess record for domain of ****@*******.com) client-ip=85.119.248.8; Authentication-Results: mx.google.com; spf=neutral (google.com: 85.119.248.8 is neither permitted nor denied by best guess record for domain of ****@*******.com) smtp.mail=****@*******.com Received: (qmail 63915 invoked from network); 30 Nov 2009 16:49:41 -0000 Received: from unknown (HELO mx-out-manc2.simplymailsolutions.com) (88.151.129.22) by relay005.apm-internet.net with SMTP; 30 Nov 2009 16:49:42 -0000 X-APM-IP: 88.151.129.22 X-APM-Score: 4 Received-SPF: none (relay005.apm-internet.net: domain at alexjamesbrown.com does not designate permitted sender hosts) Received: from [10.1.20.1] (helo=win-s-manc1.shared.ifeltd.com) by mx-out-manc2.simplymailsolutions.com with esmtp (Exim 4.63) (envelope-from ) id 1NF9QZ-0005By-Hw for ****.*****@******.co.uk; Mon, 30 Nov 2009 16:48:46 +0000 Received: from sha-exch8.shared.ifeltd.com ([10.1.20.8]) by win-s-manc1.shared.ifeltd.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 30 Nov 2009 16:48:34 +0000 Received: from sha-exch9.shared.ifeltd.com ([10.1.20.9]) by sha-exch8.shared.ifeltd.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 30 Nov 2009 16:48:34 +0000 Received: from SHA-EXCH13.shared.ifeltd.com (10.1.20.13) by sha-exch9.shared.ifeltd.com (10.1.20.9) with Microsoft SMTP Server (TLS) id 8.1.393.1; Mon, 30 Nov 2009 16:48:25 +0000 Received: from SHA-EXCH12.shared.ifeltd.com ([fe80::ecba:36d0:eec5:c928]) by SHA-EXCH13.shared.ifeltd.com ([fe80::212b:916c:70c7:a4e5%11]) with mapi; Mon, 30 Nov 2009 16:48:05 +0000 From: Alex Brown To: "****.*****@*****.co.uk" Date: Mon, 30 Nov 2009 16:48:04 +0000 Subject: testing Thread-Topic: testing Thread-Index: AQHKcdzZg4oiDsOYIEio/7k6bCk8BQ== Message-ID: Accept-Language: en-US, en-GB Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginalArrivalTime: 30 Nov 2009 16:48:34.0235 (UTC) FILETIME=[F48178B0:01CA71DC] Here are the headers using my previous exchange host: Delivered-To: ****.*****@******.co.uk.test-google-a.com Received: by 10.223.120.148 with SMTP id d20cs333076far; Mon, 30 Nov 2009 08:48:35 -0800 (PST) Received: by 10.213.2.70 with SMTP id 6mr4797985ebi.25.1259599715739; Mon, 30 Nov 2009 08:48:35 -0800 (PST) Return-Path: Received: from relay005.apm-internet.net (relay005.apm-internet.net [85.119.248.8]) by mx.google.com with SMTP id 26si13030993ewy.23.2009.11.30.08.48.35; Mon, 30 Nov 2009 08:48:35 -0800 (PST) Received-SPF: neutral (google.com: 85.119.248.8 is neither permitted nor denied by best guess record for domain of ****@*********.com) client-ip=85.119.248.8; Authentication-Results: mx.google.com; spf=neutral (google.com: 85.119.248.8 is neither permitted nor denied by best guess record for domain of ****@*********.com) smtp.mail=****@*********.com Received: (qmail 60920 invoked from network); 30 Nov 2009 16:48:34 -0000 Received: from unknown (HELO MTAb.MsExchange2007.com) (89.31.236.50) by relay005.apm-internet.net with SMTP; 30 Nov 2009 16:48:35 -0000 X-APM-IP: 89.31.236.50 X-APM-Score: 1 Received-SPF: none (relay005.apm-internet.net: domain at alexjamesbrown.com does not designate permitted sender hosts) Received: from EXHUB02.SL.local (no.ptr.hostlogic.biz [89.31.236.28]) by MTAb.MsExchange2007.com (Spam Firewall) with ESMTP id B677A34FE0F for ; Mon, 30 Nov 2009 16:48:33 +0000 (GMT) Received: from EXHUB02.SL.local (no.ptr.hostlogic.biz [89.31.236.28]) by MTAb.MsExchange2007.com with ESMTP id 8X5B8V4tExVzoNyU for ; Mon, 30 Nov 2009 16:48:34 +0000 (GMT) Received: from EXCCR03STORE.SL.local ([10.0.0.2]) by EXHUB02.SL.local ([192.168.92.64]) with mapi; Mon, 30 Nov 2009 16:48:31 +0000 From: Alex James Brown To: "****.*****@******.co.uk" Date: Mon, 30 Nov 2009 16:48:30 +0000 Subject: testing from o Thread-Topic: testing from o Thread-Index: AQHKcdzyY1iBFWiol0ykG6xPQUZiTg== Message-ID: Accept-Language: en-US, en-GB Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0

    Read the article

  • WCF and Firewall

    - by Jim Biddison
    I have written a very simple WCF service (hosted in IIS) and web application that talks to it. If they are both in the same domain, it works fine. But when I put them in different domains (on different sides of a firewall), then the web applications says: The request for security token could not be satisfied because authentication failed. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. The revelant part of the service web.config is: <system.serviceModel> <services> <service behaviorConfiguration="MigrationHelperBehavior" name="MigrationHelper"> <endpoint address="" binding="wsHttpBinding" contract="IMigrationHelper"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> <endpoint binding="httpBinding" contract="IMigrationHelper" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MigrationHelperBehavior"> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="true"/> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> The web appliation (client) web.config says: <system.serviceModel> <bindings> <wsHttpBinding> <binding name="WSHttpBinding_IMigrationHelper" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/> <security mode="Message"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/> <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/> </security> </binding> </wsHttpBinding> </bindings> <client> <endpoint address="http://mydomain.com/MigrationHelper.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMigrationHelper" contract="MyNewServiceReference.IMigrationHelper" name="WSHttpBinding_IMigrationHelper"> <identity> <dns value="localhost"/> </identity> </endpoint> </client> </system.serviceModel> I believe both these are just the default that VS 2008 created for me. So my question is, how does one go about configurating the service and client, when they are not in the same domain? Thanks .Jim Biddison

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 155 156 157 158 159 160 161 162 163 164 165 166  | Next Page >