Search Results

Search found 1466 results on 59 pages for 'authenticate'.

Page 18/59 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >

  • SSSD Authentication

    - by user24089
    I just built a test server running OpenSuSE 12.1 and am trying to learn how configure sssd, but am not sure where to begin to look for why my config cannot allow me to authenticate. server:/etc/sssd # cat sssd.conf [sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss,pam domains = test.local [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 # Section created by YaST [domain/mose.cc] access_provider = ldap ldap_uri = ldap://server.test.local ldap_search_base = dc=test,dc=local ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = True chpass_provider = krb5 auth_provider = krb5 krb5_realm = TEST.LOCAL krb5_kdcip = server.test.local server:/etc # cat ldap.conf base dc=test,dc=local bind_policy soft pam_lookup_policy yes pam_password exop nss_initgroups_ignoreusers root,ldap nss_schema rfc2307bis nss_map_attribute uniqueMember member ssl start_tls uri ldap://server.test.local ldap_version 3 pam_filter objectClass=posixAccount server:/etc # cat nsswitch.conf passwd: compat sss group: files sss hosts: files dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files ldap aliases: files shadow: compat server:/etc # cat krb5.conf [libdefaults] default_realm = TEST.LOCAL clockskew = 300 [realms] TEST.LOCAL = { kdc = server.test.local admin_server = server.test.local database_module = ldap default_domain = test.local } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [dbmodules] ldap = { db_library = kldap ldap_kerberos_container_dn = cn=krbContainer,dc=test,dc=local ldap_kdc_dn = cn=Administrator,dc=test,dc=local ldap_kadmind_dn = cn=Administrator,dc=test,dc=local ldap_service_password_file = /etc/openldap/ldap-pw ldap_servers = ldaps://server.test.local } [domain_realm] .test.local = TEST.LOCAL [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false minimum_uid = 1 clockskew = 300 external = sshd use_shmem = sshd } If I log onto the server as root I can su into an ldap user, however if I try to console locally or ssh remotely I am unable to authenticate. getent doesn't show the ldap entries for users, Im not sure if I need to look at LDAP, nsswitch, or what: server:~ # ssh localhost -l test Password: Password: Password: Permission denied (publickey,keyboard-interactive). server:~ # su test test@server:/etc> id uid=1000(test) gid=100(users) groups=100(users) server:~ # tail /var/log/messages Nov 24 09:36:44 server login[14508]: pam_sss(login:auth): system info: [Client not found in Kerberos database] Nov 24 09:36:44 server login[14508]: pam_sss(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/ttyS1 ruser= rhost= user=test Nov 24 09:36:44 server login[14508]: pam_sss(login:auth): received for user test: 4 (System error) Nov 24 09:36:44 server login[14508]: FAILED LOGIN SESSION FROM /dev/ttyS1 FOR test, System error server:~ # vi /etc/pam.d/common-auth auth required pam_env.so auth sufficient pam_unix2.so auth required pam_sss.so use_first_pass server:~ # vi /etc/pam.d/sshd auth requisite pam_nologin.so auth include common-auth account requisite pam_nologin.so account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_lastlog.so silent noupdate showfailed

    Read the article

  • Is There any way to change Active Directory Users Database Source?

    - by Mehrdad Amini
    I need Active Directory Use My Own Custom Database (or shell or ...) for Authentication Users. Is there any extention or something like this to change User Passwords Database of active directory? I need this Because My Accounts Are In simple Database And I don't Want to Sync them periodically In Fact I can Not Change all My Applications to authenticate from Active Directory!Just I need Active Directory to Use My Database For Authentication.

    Read the article

  • Freeradius on Linux with dynamic VLAN assignment via AD

    - by choki
    I've been trying to configure my freeradius server on Linux to authenticate users from an existing Active Directory (windows server 2003) and i've already done that. Now i need to assign VLANs to those users and i dont know how to :(. The logical procedure should be with an AD attribute but i haven't found which one nor how to read it from the AD to use it on the freeradius server... Can anyone help me with this or tell me where can i find a solution? Thanks in advance

    Read the article

  • Can I use netgroup at an NIS Client (Redhat) to restrict access to it?

    - by sdmythos_gr
    Our company has a central NIS configuration that we are using to access our teams servers (Redhat)... The current configuration allows all valid NIS authenticated users to connect to our servers. We cannot update or change something on the NIS Master Server... so... Is there a way to use netgroups or some other configuration to allow our team members to authenticate using the NIS server but still restrict access to all other users? Thanks!

    Read the article

  • Configure a SPF rule on Ubuntu

    - by TiuTalk
    Where I can create/insert the SPF rules to allow a external server to authenticate and send e-mails using the domain name of my server running Ubuntu? I need to insert this rule: v=spf1 ip4:111.111.111.111/29 ip4:111.111.111.111/24 a mx ~all Thanks :)

    Read the article

  • Web interface to allow users to change their Active Directory password

    - by csexton
    I have a few web applications that use Active Directory to authenticate. What I would like to be able to do is provide a simple web page that would allow users to update their AD password. This wasn't a problem when the majority of the users had windows machines that connected to this AD server (and could ctrl-alt-del to change the password), but we are moving away from that and the AD server is mostly for web apps. Is there a simple solution for this, or am I looking at the big LDAP managers?

    Read the article

  • PPTP ping client to client error

    - by Linux Intel
    I installed pptp server on a centos 6 64bit server PPTP Server ip : 55.66.77.10 PPTP Local ip : 10.0.0.1 Client1 IP : 10.0.0.60 centos 5 64bit Client2 IP : 10.0.0.61 centos5 64bit PPTP Server can ping Client1 And client 1 can ping PPTP Server PPTP Server can ping Client2 And client 2 can ping PPTP Server The problem is client 1 can not ping Client 2 route -n on PPTP Server Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.60 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 10.0.0.61 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1 55.66.77.10 0.0.0.0 255.255.255.248 U 0 0 0 eth0 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0 0.0.0.0 55.66.77.19 0.0.0.0 UG 0 0 0 eth0 route -n On Client 1 Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 55.66.77.10 70.14.13.19 255.255.255.255 UGH 0 0 0 eth0 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth1 0.0.0.0 70.14.13.19 0.0.0.0 UG 0 0 0 eth0 route -n On Client 2 Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 55.66.77.10 84.56.120.60 255.255.255.255 UGH 0 0 0 eth1 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0 0.0.0.0 84.56.120.60 0.0.0.0 UG 0 0 0 eth1 cat /etc/ppp/options.pptpd on PPTP server ############################################################################### # $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $ # # Sample Poptop PPP options file /etc/ppp/options.pptpd # Options used by PPP when a connection arrives from a client. # This file is pointed to by /etc/pptpd.conf option keyword. # Changes are effective on the next connection. See "man pppd". # # You are expected to change this file to suit your system. As # packaged, it requires PPP 2.4.2 and the kernel MPPE module. ############################################################################### # Authentication # Name of the local system for authentication purposes # (must match the second field in /etc/ppp/chap-secrets entries) name pptpd # Strip the domain prefix from the username before authentication. # (applies if you use pppd with chapms-strip-domain patch) #chapms-strip-domain # Encryption # (There have been multiple versions of PPP with encryption support, # choose with of the following sections you will use.) # BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o # {{{ refuse-pap refuse-chap refuse-mschap # Require the peer to authenticate itself using MS-CHAPv2 [Microsoft # Challenge Handshake Authentication Protocol, Version 2] authentication. require-mschap-v2 # Require MPPE 128-bit encryption # (note that MPPE requires the use of MSCHAP-V2 during authentication) require-mppe-128 # }}} # OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o # {{{ #-chap #-chapms # Require the peer to authenticate itself using MS-CHAPv2 [Microsoft # Challenge Handshake Authentication Protocol, Version 2] authentication. #+chapms-v2 # Require MPPE encryption # (note that MPPE requires the use of MSCHAP-V2 during authentication) #mppe-40 # enable either 40-bit or 128-bit, not both #mppe-128 #mppe-stateless # }}} # Network and Routing # If pppd is acting as a server for Microsoft Windows clients, this # option allows pppd to supply one or two DNS (Domain Name Server) # addresses to the clients. The first instance of this option # specifies the primary DNS address; the second instance (if given) # specifies the secondary DNS address. #ms-dns 10.0.0.1 #ms-dns 10.0.0.2 # If pppd is acting as a server for Microsoft Windows or "Samba" # clients, this option allows pppd to supply one or two WINS (Windows # Internet Name Services) server addresses to the clients. The first # instance of this option specifies the primary WINS address; the # second instance (if given) specifies the secondary WINS address. #ms-wins 10.0.0.3 #ms-wins 10.0.0.4 # Add an entry to this system's ARP [Address Resolution Protocol] # table with the IP address of the peer and the Ethernet address of this # system. This will have the effect of making the peer appear to other # systems to be on the local ethernet. # (you do not need this if your PPTP server is responsible for routing # packets to the clients -- James Cameron) proxyarp # Normally pptpd passes the IP address to pppd, but if pptpd has been # given the delegate option in pptpd.conf or the --delegate command line # option, then pppd will use chap-secrets or radius to allocate the # client IP address. The default local IP address used at the server # end is often the same as the address of the server. To override this, # specify the local IP address here. # (you must not use this unless you have used the delegate option) #10.8.0.100 # Logging # Enable connection debugging facilities. # (see your syslog configuration for where pppd sends to) debug # Print out all the option values which have been set. # (often requested by mailing list to verify options) #dump # Miscellaneous # Create a UUCP-style lock file for the pseudo-tty to ensure exclusive # access. lock # Disable BSD-Compress compression nobsdcomp # Disable Van Jacobson compression # (needed on some networks with Windows 9x/ME/XP clients, see posting to # poptop-server on 14th April 2005 by Pawel Pokrywka and followups, # http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 ) novj novjccomp # turn off logging to stderr, since this may be redirected to pptpd, # which may trigger a loopback nologfd # put plugins here # (putting them higher up may cause them to sent messages to the pty) cat /etc/ppp/options.pptp on Client1 and Client2 ############################################################################### # $Id: options.pptp,v 1.3 2006/03/26 23:11:05 quozl Exp $ # # Sample PPTP PPP options file /etc/ppp/options.pptp # Options used by PPP when a connection is made by a PPTP client. # This file can be referred to by an /etc/ppp/peers file for the tunnel. # Changes are effective on the next connection. See "man pppd". # # You are expected to change this file to suit your system. As # packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/ # and the kernel MPPE module available from the CVS repository also on # http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe. ############################################################################### # Lock the port lock # Authentication # We don't need the tunnel server to authenticate itself noauth # We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2 # (you may need to remove these refusals if the server is not using MPPE) refuse-pap refuse-eap refuse-chap refuse-mschap # Compression # Turn off compression protocols we know won't be used nobsdcomp nodeflate # Encryption # (There have been multiple versions of PPP with encryption support, # choose which of the following sections you will use. Note that MPPE # requires the use of MSCHAP-V2 during authentication) # # Note that using PPTP with MPPE and MSCHAP-V2 should be considered # insecure: # http://marc.info/?l=pptpclient-devel&m=134372640219039&w=2 # https://github.com/moxie0/chapcrack/blob/master/README.md # http://technet.microsoft.com/en-us/security/advisory/2743314 # http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras # ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o # If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module # is not allowed and PPTP-MPPE is not available. # {{{ # Require MPPE 128-bit encryption #require-mppe-128 # }}} # http://mppe-mppc.alphacron.de/ fork from PPP project by Jan Dubiec # ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o # {{{ # Require MPPE 128-bit encryption #mppe required,stateless # }}} IPtables are stopped on clients and server, Also net.ipv4.ip_forward = 1 is enabled on PPTP Server. How can i solve this problem .?

    Read the article

  • NetworkManager will not allow me to select WPA

    - by Mala
    Hi I have a fresh install of Crunchbang (basically Ubuntu with Openbox instead of Gnome). In any case, I can't connect to my WPA network - when I click on it in the nm-applet and it asks me to authenticate my only options are: WEP 10/128-bit key WEP 128-bit Passphrase LEAP Dynamic WEP (802.1x) wpa_supplicant is indeed installed, yet WPA does not get listed... any ideas?

    Read the article

  • How can I use fetchmail (or another email grabber) with OSX keychain for authentication?

    - by bias
    Every fetchmail tutorial I've read says putting your email account password clear-text in a config file is safe. However, I prefer security through layers (since, if my terminal is up and someone suspecting such email foolery slides over and simply types "grep -i pass ~/.*" then, oops, all my base are belong to them!). Now, with msmtp (as opposed to sendmail) I can authenticate using the OSX keychain. Is there an email 'grabber' that lets me use Keychains (or at least, that lets me MD5 the password)?

    Read the article

  • Squid authentication encryption

    - by barbarossa12d
    Hi, I use Squid and the users must authenticate. The users are authenticating in cleartext. I found tutorials about stunnel (http://www.jeffyestrumskas.com/?page_id=3), but the clients also need this software. Is there no possibility that for user authentication SSL (or some other encryption technology) can be used?. Thanks.

    Read the article

  • Domain authentication used for kerberos based authentication of users on my server

    - by J G
    Suppose a user process has authenticated itself against domain's directory server via kerberos, and then attempts opens a network socket to my server application. My server application has a white-list of users from the domain directory server. How does my server app authenticate the user from the directory based on this socket opening attempt? (To keep things simple - let's say my server is written in Java, and the directory server is Active Directory) EDIT My question is about how the client asks for an authentication token.

    Read the article

  • what is the location of the log file for bugzilla on windows

    - by mohang
    We are using Bugzlla on windows. We set up the SMTP server configuration in the admin parameters. But Bugzilla is unable to send emails. It always reports "Could not authenticate user". How to know the details of the error? Everything we configured are working fine when used in another system. Can you please point out the location of the log file Any points to troubleshoot the issue is greatly appreciated.

    Read the article

  • ssh authentication with public-private key pair

    - by Rui Gonçalves
    Hi! I'm wonder if is possible to authenticate the same user with different public-private keys pairs on the same remote host. For all production servers, the public-private key pair has been generated for the same user and then exported to the backup server for allowing ssh authentication without human intervention. However, I'm having problems on some production servers, once the password prompt is always displayed. Thanks in advance for the help, Best regards!

    Read the article

  • Configure host access rights in OpenLDAP

    - by Anonymous Coward
    I've set up an OpenLDAP-Server to authenticate users to our Ubuntu-servers. The authentication works quite well but I'd like to restict the user's access to certain servers. I know this can be done through nss_base_something in the client's ldap.conf. However, this requires the group restrictions to be specified on the client. I wonder if the restrictions can be set completely in OpenLDAP. If it is, I'd like to know how. Thanks, AC

    Read the article

  • Advice, pls: web app stack suitable for shared hosting ...

    - by Bill Bell
    Considerations: greatly prefer Python want to build as little as possible myself (I suppose this is obvious) prefer built-in or availability of add-on wiki and conferencing (nothing fancy) need three levels of authentication: single 'super user', one administration user for each of several groups, individual 'ordinary' users authenticate to one of these groups cron substitute à la Django or Zope would be nice, for keeping an RSS feed up-to-date, principally hosting I use does not provide mod_wsgi, mod_python, etc. Your thoughts, please.

    Read the article

  • Windows Server 2008 R2, IIS 7.5, Windows Authentication

    - by nick
    Ive a 7.5 IIS installed on my server with windows authentication enabled cause i need it for NTLM / SSO on intranet pages. when windows authentication is activated, iis cant authenticate himself on his own webserver.. thats the error i got in the iis log: 2011-11-24 08:47:10 10.50.2.91 POST /ldap.php - 80 - 10.50.2.91 SWIFT_LoginShare 401 2 5 0 so.. how can i make sure, using windows authentication, that iis authenticates himself? thx for your help

    Read the article

  • Can the OS X unlock panel trigger a login hook similar to loginwindow?

    - by Allen
    I'd like to automatically run a shell script every time I authenticate onto my computer. However, all the info I can find about loginhook and Global LoginItems applies only when authenticating to "loginwindow," and not to the "unlock panel." The unlock panel prompts for a password when waking up from sleep or from a locked screen. Is there any way to trigger script execution after successfully unlocking the screen?

    Read the article

  • openldap-servers-2.2.13-12.el4_8.2 RHEL 4 err=6

    - by coderwhiz
    I have been seeing these following error codes on our LDAP server: zgrep -o err=[0-9]* ldap.log.1.gz | sort | uniq -c 106664 err=0 146 err=16 288 err=4 29 err=49 8106 err=6 Can someone explain what err=6 is exactly and if its a big problem? I have been seeing lately some failures to authenticate and wonder if it is related to these errors? I have seen a possible timeout problem in the 2.2 Code base and not sure if theres a patch or if I would have to upgrade to the latest openldap version? thanks kosta

    Read the article

  • Can Gitosis enforce correct user name/email?

    - by koumes21
    Gitosis is able to authenticate users based on public/private key pair. It is able to find out which user is currently committing. However, the user name and email is taken from the client's Git configuration ('git config user.name' etc.), which can be set to arbitrary values. Is there any way to associate user names and emails with their public keys and then make Gitosis uses these names and emails as the name and email of the committer?

    Read the article

  • Why does Kerberos need Ticket Granting Server?

    - by Narsil
    It's probably something fundamental but I can't find a certain statement. Why can't KDC authenticate then provide the service ticket directly. Is it about security or performance or some other thing? Since users don't log in each time they request a service and assumably they will keep logged in for a long time, AS doesn't seem so busy. Why do they have to be seperated?

    Read the article

  • Is there a security concern exposing NTLM authentication over http or should it only be https?

    - by Shane
    We are setting up a SharePoint 2010 site. Don't worry, this is not a Sharepoint question, just adding it for context. Most of the site will be anonymous, but some users are able to authenticate in and edit content. They use NTLM (users exist in AD). Is there any concern about exposing NTLM login for users that can modify content over the internet via http or should that only be exposed via https?

    Read the article

  • Does a VPN certificate request need to be encrypted

    - by Kernel Panic
    We have a Cisco 3000 VPN concentrator and use the Cisco VPN client to generate certificate requests, which we then create/authenticate on our certificate server. When the help desk generates the request, they sometimes email that to me, then I generate the certificate on the server. Does the request need to be encrypted? Until the certificate gets generated is there something in the request itself that would need to remain secret? Thank you.

    Read the article

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >