Search Results

Search found 5866 results on 235 pages for 'authentication'.

Page 190/235 | < Previous Page | 186 187 188 189 190 191 192 193 194 195 196 197  | Next Page >

• Changing externally visible IP on a multi-IP router?

  - by AlternateZ

  I work at a public library and I'm trying to configure OCLC's EzProxy software. I've run into a problem and I think it's related to our network config. I'm punching above my weight here a little so I need some help. I think I'm trying to configure a 1:1 NAT, but not sure how or if our hardware supports it. The EzProxy machine is on an internet line which supports multiple external IPs. Our router is a Billion BiGuard30. There's another server on this line, let's say its IP is x.x.x.9. The EzProxy machine is x.x.x.11 I've set up port forwarding from x.x.x.11 on the http ports to the EzProxy machine. Trying to browse to x.x.x.11 from an external PC works fine - we get to the EzProxy page we are serving. However, if we go to something like WhatIsMyIP from the EzProxy machine, it says that its IP is x.x.x.9. This causes problems with our user authentication software. How do we make the rest of the internet see that the machine is x.x.x.11? There doesnt seem to be any "outbound port forwarding" on the Billion router, nor is there any "1:1 NAT" options in its config webpage. The EzProxy machine is running Ubuntu 12.04, if that helps.

  Read the article

• Error opening hyperlinks in Excel 2003

  - by richardtallent

  When clicking to follow hyperlinks from Excel, I'm now getting this error: Unable to open http://blah... Cannot download the information you requested. The hyperlinks in the Excel file are created using the HYPERLINK() formula. I use Google Chrome as my default browser. The web site in question uses Basic Authentication, and I've entered correct credentials when prompted (the dialog looked like an IE auth box, not Chrome's, but it's always been that way, even when it was working properly). This hasn't been an issue until recently. I'm guessing our IT department made some lame change to IE's configuration that is causing Office to not be able to open the URLs, despite having Chrome as my browser. Things I've checked already: URLs are good, they work fine when pasted manually into Chrome, IE, or Firefox. IE is not set to Work Offline (already found that suggestion on Google). I checked Program Access and Defaults and verified that Chrome is selected. Nothing in the URL requires URLEncoding, so it's no goofy issue with encoding I've had reports from some other users now and then about the same problem, but this is the first time I've experienced it myself.

  Read the article

• VPN Error 619: Behind Cisco Router WRT310N

  - by ty91011

  I've researched a lot on all the forums and this error is too generic for any of the proposed solutions to work. I'll try to give as much detail and tried solutions. I'm running a CentOS PPTP server behind a Cisco WRT310N Router. Multiple clients from outside with different OS have failed with the same error 619, along with turning off windows firewall and disabling antivirus. I believe this is a router and IP routing issue, and not a client issue. When I connect from a client on the same router as the VPN server, it works when I use the 192. network address- but doesn't work with the public IP address. I've tried telnet to port 1723 from an outside server and I get in. I've opened up the VPN port (1723) on the router, VPN udp port (500), and the GRE port (47) to route to the VPN server's ip. Also, the server's router is behind a DSL modem. I had a glimmer of hope when this site: http://www.chicagotech.net/casestudy/vpnerror619.htm suggested that the PPoE authentication should reside on the router and not the modem. But I still came up empty. So does anybody know what the problem is?

  Read the article

• Accessing network shares on Windows7 via SonicWall VPN client

  - by Jack Lloyd

  I'm running Windows7 x64 (fully patched) and the SonicWall 4.2.6.0305 client (64-bit, claims to support Windows7). I can login to the VPN and access network resources (eg SSH to a machine that lives behind the VPN). However I cannot seem to be able to access shared filesystems. Windows is refusing to do discovery on the VPN network. I suspect part of the problem is Windows persistently considers the VPN connection to be a 'public network'. Normally, you can open the network and sharing center and modify this setting, however it does not give me a choice for the VPN. So I did the expedient thing and turned on file sharing for public networks. I also disabled the Windows firewall for good measure. Still no luck. I can access the server directly by putting \\192.168.1.240 in the taskbar, which brings up the list of shares on the server. However, trying to open any of the shares simply tells me "Windows cannot access \\192.168.1.240\share You do not have permission to access ..."; it never asks for a domain password. I also tried Windows7 native VPN functionality - it couldn't successfully connect to the VPN at all. I suspect this is because SonicWall is using some obnoxious special/undocumented authentication system; I had similar problems trying to connect on Linux with the normal IPsec tools there. What magical invocation or control panel option am I missing that will let this work? Are there any reasonable debugging strategies? I'm feeling quite frustrated at Windows tendency to not give me much useful information that might let me understand what it is trying to do and what is going wrong.

  Read the article

• Biztalk 2009 logshipping with SQL 2008

  - by Manjot

  Hi, I am setting up biztalk logshipping for Biztalk 2009 database. Following http://msdn.microsoft.com/en-us/library/aa560961.aspx article, I am doing the following to setup biztalk logshipping on destination server: Enable Ad-hoc queries by: sp_configure 'show advanced options',1 go reconfigure go sp_configure 'Ad Hoc Distributed Queries',1 go reconfigure go sp_configure 'show advanced options',0 go reconfigure go Execute LogShipping_Destination_Schema & LogShipping_Destination_Logic in master on destinations server Run: exec bts_ConfigureBizTalkLogShipping @nvcDescription = '', @nvcMgmtDatabaseName = '', @nvcMgmtServerName = '', @SourceServerName = null, -- null indicates that this destination server restores all databases @fLinkServers = 1 -- 1 automatically links the server to the management database When I run this I am receiving the following error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. After some research I found some info : Usually this error means that the SQL Server Service Principal Name (SPN) was not configured, and NTLM was not being used as an authentication mechanism. SQl services are runing under different domain accounts. So, I asked the domain admin to create SPNs for the servers, SQL service accounts for beoth source and destination using name and FQDN. enabled computer name and service accounts for delegation. When I run the following: select * from sys.dm_exec_connections I get the the same error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' Any help please?

  Read the article

• pam debugging "check pass; user unknown"

  - by lvc

  I am attempting to get Prosody authenticating with its auth_pam module. It is configured to use the pam service name xmpp. The pam.d/xmpp file is copied straight from the one configured for dovecot (originally taken from, I think, dovecot's documentation), which is known to be working: # cat /etc/pam.d/xmpp auth required pam_unix.so nullok debug account required pam_unix.so debug Logging in with dovecot works wonderfully. Logging in with prosody, with exactly the same username and password, causes Prosody to return 'Not authorized', and the following in journalctl -f: Oct 29 22:12:14 riscque.net prosody[9396]: c2s1d010b0: Client sent opening <stream:stream> to riscque.net Oct 29 22:12:14 riscque.net prosody[9396]: c2s1d010b0: Sent reply <stream:stream> to client Oct 29 22:12:14 riscque.net prosody[9396]: [178B blob data] Oct 29 22:12:14 riscque.net unix_chkpwd[9408]: check pass; user unknown Oct 29 22:12:14 riscque.net prosody[9396]: pam_unix(xmpp:auth): conversation failed Oct 29 22:12:14 riscque.net prosody[9396]: pam_unix(xmpp:auth): unable to obtain a password Oct 29 22:12:14 riscque.net prosody[9396]: pam_unix(xmpp:auth): auth could not identify password for [lvc] Oct 29 22:12:14 riscque.net prosody[9396]: riscque.net:saslauth: sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you&apos;ve sent.</text></failure> This series of errors seems mutually contradictory - first it says "user unknown", but then that it can't obtain the password for lvc - this username certainly exists on the system. What is likely going on here, and how would I debug this further?

  Read the article

• NIS: which mechanism hides shadow.byname for unpriviledged users?

  - by Mark Salzer

  On some Linux box (SLES 11.1) which is a NIS client I can do as root: ypcat shadow.byname and get output, i.e. some lines with the encrypted passwords, amongst other information. On the same Linux box, if I run the same command as unpriviledged user, I get No such map shadow.byname. Reason: No such map in server's domain Now I am surprised. My good old knowlege says that shadow passwords in NIS are absurd because there is no access control or authentication in the protocol and thus every (unpriviledged) user can access the shadow map and thereby obtain the encrypted passwords. Obviously we have a different picture here. Unfortunately I don't have access to the NIS server to figure out what is happening. My only guess is that the NIS master gives the map only to clients conection from a priviledged port (1024), but this is only an uneducated guess. What mechanisms are there in current NIS implementations to lead to a behavior like the above? How "secure" are they? Can the be circumvented easily? Or are shadow passwords in NIS as secure as the good old shadow files?

  Read the article

• Dual Monitor support rdp 7 to win 7 on esxi

  - by rphilli5

  I am trying to RDP from a Windows 7 Professional dual monitor physical machine to a Windows 7 Professional VM hosted on esxi 4.0. I can get the spanning option to work to both monitors, but I have tried 3 different methods of connecting but have not been able to use true multiple monitors. At different times, I tried checking the "use all monitors" option, command line mstsc /multimon and added the line use multimon:i:1 to the .rdp file. None of these worked. Any ideas? The physical machine can connect to other Windows 7 physical machines with true multi monitor access. I also have the same issue when going from a 32bit RC1 machine to a Windows 7 Professional x64, but not when going in the reverse direction. Here's the .rdp: screen mode id:i:2 use multimon:i:1 desktopwidth:i:1440 desktopheight:i:900 session bpp:i:16 winposstr:s:0,1,341,118,1139,568 compression:i:1 keyboardhook:i:2 audiocapturemode:i:0 videoplaybackmode:i:1 connection type:i:1 displayconnectionbar:i:1 disable wallpaper:i:1 allow font smoothing:i:0 allow desktop composition:i:0 disable full window drag:i:1 disable menu anims:i:1 disable themes:i:1 disable cursor setting:i:0 bitmapcachepersistenable:i:1 full address:s:192.168.1.5 audiomode:i:0 redirectprinters:i:1 redirectcomports:i:0 redirectsmartcards:i:1 redirectclipboard:i:1 redirectposdevices:i:0 redirectdirectx:i:1 autoreconnection enabled:i:1 authentication level:i:2 prompt for credentials:i:0 negotiate security layer:i:1 remoteapplicationmode:i:0 alternate shell:s: shell working directory:s: gatewayhostname:s: gatewayusagemethod:i:4 gatewaycredentialssource:i:4 gatewayprofileusagemethod:i:0 promptcredentialonce:i:1 use redirection server name:i:0 drivestoredirect:s:

  Read the article

• Why an empty MAIL FROM address can sent out email?

  - by garconcn

  We are using Smarter Mail system. Recently, we found that hacker had hacked some user accounts and sent out lots of spams. We have firewall to ratelimit the sender, but for the following email, the firewall couldn't do this because of the empty FROM address. Why an empty FROM address is consider OK? Actually, in our MTA(surgemail), we can see the sender in the email header. Any idea? Thanks. 11:17:06 [xx.xx.xx.xx][15459629] rsp: 220 mail30.server.com 11:17:06 [xx.xx.xx.xx][15459629] connected at 6/16/2010 11:17:06 AM 11:17:06 [xx.xx.xx.xx][15459629] cmd: EHLO ulix.geo.auth.gr 11:17:06 [xx.xx.xx.xx][15459629] rsp: 250-mail30.server.com Hello [xx.xx.xx.xx] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK 11:17:06 [xx.xx.xx.xx][15459629] cmd: AUTH LOGIN 11:17:06 [xx.xx.xx.xx][15459629] rsp: 334 VXNlcm5hbWU6 11:17:07 [xx.xx.xx.xx][15459629] rsp: 334 UGFzc3dvcmQ6 11:17:07 [xx.xx.xx.xx][15459629] rsp: 235 Authentication successful 11:17:07 [xx.xx.xx.xx][15459629] Authenticated as [email protected] 11:17:07 [xx.xx.xx.xx][15459629] cmd: MAIL FROM: 11:17:07 [xx.xx.xx.xx][15459629] rsp: 250 OK < Sender ok 11:17:07 [xx.xx.xx.xx][15459629] cmd: RCPT TO:[email protected] 11:17:07 [xx.xx.xx.xx][15459629] rsp: 250 OK Recipient ok 11:17:08 [xx.xx.xx.xx][15459629] cmd: DATA

  Read the article

• Is there a reason to use internal DNS over 8.8.8.8 ?

  - by skylarking

  I've inherited a LAN where there is really no name resolution being done for local resources... i.e. all users enter IP addresses manually to access printers and network shares. There are no LDAP servers or domains either....workstations simply connect to the network without authentication. DHCP is handled via a core switch... And DNS settings are also handed out by this same core switch. Currently, the DNS assignments are as such, and in this order: 10.1.1.50 / old Pentium III Windows 2003 box running DNS service- 128 MB RAM 169.200.x.x / ISP 4.2.2.2. / the well known public one There a couple thousand clients on the LAN....and most of the activity is web browsing ( this is an educational setting ). First of all, the server seems woefully underpowered for this task...yet there is virtually no slowness when web surfing by clients.... How much horsepower should a heavily used DNS server have ? I have also heard using 4.2.2.2 is a bad idea .... since it has been so overused... Finally, wouldn't it make sense to have a robust external DNS server listed first? ( Google's 8.8.8.8 would seem to be a logical candidate )

  Read the article

• How to connect to local instance of SQL Server 2008 Express

  - by Billy Logan

  I just installed SQL Server 2008 Express on my windows 7 machine. I previously had 2005 on here and used it just fine with the old SQL Server Management Studio Express. I was able to connect with no problems to my PC-NAME\SQLEXPRESS instance. I uninstalled 2005 and SQL Server Management Studio Express. I then installed SQL Server 2008 Express on my machine and elected to have it install SQL Server Management Studio. Now, when I try to connect to PC-NAME\SQLEXPRESS (with Windows Authentication, like I always did), I get the following message: Cannot connect to PC-NAME\SQLEXPRESS. A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) (Microsoft SQL Server, Error: -1) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=-1&LinkId=20476 When I went to the help link it mentions, the help page suggests the following: * Make sure that the SQL Server Browser service is started on the server. * Use the SQL Server Surface Area Configuration tool to enable SQL Server to accept remote connections. For more information about the SQL Server Surface Area Configuration Tool, see Surface Area Configuration for Services and Connections. I did try starting the SQL Server Browser, but don't see that the Surface Area Configuration is installed with this express version. I had seen another user with an almost exact same issue that was missing the database engine on install. If that were the case how could i test for that and where would i go to download that install. Thanks in advance, Billy

  Read the article

• IIS 7.5 Siteminder Does not protect ASP.net MVC requests

  - by HariM

  We are trying to use ASP.Net MVC with Siteminder for Single Sign on. This is on Windows Server 2008 R2 with IIS 7.5. Siteminder Agent version 6QMR6. Problem : Siteminder protects physical files that are exist. And it is not protecting the folder when we try to access a non existed file. It must redirect to login page even if the file doesn't exist when the user is accessing a protected folder. How to configure in IIS 7.5 that Do not verify a file exist, before authentication by siteminder. SiteMinderWebAgent is a Handler(WildCard Script Map) we created using the ISAPI6WebAgent.dll How to Protect ASP.Net MVC Request with Siteminder? (Added this as My previous question did not solve the problem). MVC Request shows up in IIS Log but not in Siteminder log. Update : Microsoft Support says currently IIS7.5, even in earlier versions doesnt support wildcard mappings on any two Isapi Handlers with * wild card. Currently in my case Siteminder has * wildcard and asp.net mvc (handler is aspnet_isapi) has * wildcard to handle the reqeusts. Ordered priority doesnt work in the wild card mappings case with Just *. Did not convinced with the answer but will wait till tomorrow for them to get back.

  Read the article

• Squid - Active Directory - permissions based on Nodes rather than Groups

  - by Genboy

  Hi, I have squid running on a gateway machine & I am trying to integrate it with Active Directory for authentication & also for giving different browsing permissions for different users. 1) /usr/lib/squid/ldap_auth -b OU=my,DC=company,DC=com -h ldapserver -f sAMAccountName=%s -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w mypwd 2) /usr/lib/squid/squid_ldap_group -b "OU=my,DC=company,DC=com" -f "(&(sAMAccountName=%u)(memberOf=cn=%g,cn=users,dc=company,dc=com))" -h ldapserver -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w zxcv Using the first command above, I am able to authenticate users. Using the second command above, I am able to figure out if a user belongs to a particular active directory group. So I should be able to set ACL's based on groups. However, my customer's AD setup is such that he has users arranged in different Nodes. For eg. He has users setup in the following way cn=usr1,ou=Lev1,ou=Users,ou=my,ou=company,ou=com cn=usr2,ou=Lev2,ou=Users,ou=my,ou=company,ou=com cn=usr3,ou=Lev3,ou=Users,ou=my,ou=company,ou=com etc. So, he wants that I have different permissions based on whether a user belongs to Lev1 or Lev2 or Lev3 nodes. Note that these aren't groups, but nodes. Is there a way to do this with squid? My squid is running on a debian machine.

  Read the article

• Problems with OpenVPN setup

  - by user70617

  Hi, I'm trying to set up a VPN server using OpenVPN and I'm getting some errors while trying to connect the client to the server. I'm getting the following error: Sun Feb 13 14:54:16 2011 OpenVPN 2.1.4 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 5 2011 Sun Feb 13 14:54:16 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Sun Feb 13 14:54:16 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Sun Feb 13 14:54:16 2011 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext Sun Feb 13 14:54:16 2011 RESOLVE: NOTE: localhost resolves to 2 addresses Sun Feb 13 14:54:16 2011 Note: Cannot ioctl TUNSETIFF tap0: Device or resource busy (errno=16) Sun Feb 13 14:54:16 2011 Note: Attempting fallback to kernel 2.2 TUN/TAP interface Sun Feb 13 14:54:16 2011 Cannot open TUN/TAP dev /dev/tap0: No such file or directory (errno=2) Sun Feb 13 14:54:16 2011 Exiting I have bridge-utils installed and tap0 shows up in ifconfig. Can anybody give me a hand? Thanks in advance.

  Read the article

• Port forwarding for samba

  - by EternallyGreen

  Alright, here's the setup: Internet - Modem - WRT54G - hubs - winxp workstations & linux smb server. Its basically a home-style distributed internet connection setup, except its at a school. What I want is remote, offsite smb access. I figured I'd need to find out which ports need forwarding and then forward them to the server on the router. I'm told in another question on SF that multiple ports will need forwarding, and it gets somewhat complicated. One of the things I need to know is which ports require forwarding for this, and what complications or vulnerabilities could arise from this. Any additional information you think I should have before doing this would be great. I'm told SMB doesn't support encryption, which is fine. Given I set up authentication/access control, all this means is that once one of my users authenticates and starts downloading data, the unencrypted traffic could be intercepted and read by a MITM, correct? Given that that's the only problem arising from lack of encryption, this is of no concern to me. I suppose that it could also mean a MITM injecting false data into the data stream, eg: user requests file A, MITM intercepts and replaces the contents of file A with some false data. This isn't really an issue either, because my users would know that something was wrong, and its not likely anyone would have incentive to do this anyway. Another thing I've been informed of is Microsoft's poor implementation of SMB, and its crap track record for security. Does this apply if only the client-end is MS? My server is linux.

  Read the article

• Win Server 2k and Win 7 client

  - by Ray Kruse

  I have a Win Server 2000 system with AD configured. The network consists of an OKI printer, a network server, a wifi router a Win 2k client and the server. I'm trying to connect a Win 7 client. The purpose of the network, besides sharing equipment is to move files from client to client and scatter backups over more than 1 machine. The Win 7 client is configured for DHCP and does in fact receive it's IP and DNS configuration from the server and it sees the printer, wifi router and network drive, but does not see the Win 2k client nor the Win 2k server. I have tried the LAN Management Authentication Level set to 'Send LM & NTLM responses' with the 128 bit encryption removed. I've also done the registry hack on the key 'LmCompatibilityLevel'. Neither of these have helped. I have two questions: Is there a fix or is Win 2k totally incompatible? Is the best (or quickest/cheapest) fix to upgrade the server to Win 2k3 and not worry about the Win 2k client? Thanks for any help. Ray Kruse Buffalo, KY

  Read the article

• Configure J2EE Agent with OpenAM behind Reverse Proxy

  - by Troy

  I have a reverse proxy with two SSL enabled NamedVirtualHosts on different ports. Both containers on each internal host is GF 2.1.1. Proxy configuration as follows: Proxy URL -> Internal URL https://apps.mydomain.com -> http://apps.internal.com https://secure.otherdomain.com:8080/ -> http://secure.internal.com I initially tried configuring the J2EE agent in OpenAM and the web app container to use the internal URLs (I appended /openam and /agentapp respectively). However, I received the following errors when trying to access a secured application such as https://apps.mydomain.com/webapp. java.lang.RuntimeException: Failed to load configuration: ApplicationSSOTokenProvider.getApplicationSSOToken(): Unable to get Application SSO Token A second attempt gives the following error: java.lang.NoClassDefFoundError: Could not initialize class com.sun.identity.agents.filter.AmFilterManager Along with these in the agent debug.out: ERROR: Failed to obtain auth service url from server: null://null:null ... SiteMonitor: Site URL http://secure.internal.com/openam/namingservice is not available. If I specify the server and agent urls using the proxy urls, then the agent appears to be working and I am redirected to the OpenAM login page. However, the goto in the URL is http://apps.mydomain.com/webapp instead of https://apps.mydomain.com/webapp (missing https). So after authentication, the redirect fails. Now I could possibly get by with mod_rewrite, but it feels hackish and I really want to know what's going on. Any ideas?

  Read the article

• CopSSH SFTP -- limit users access to their home directory only

  - by bradvido

  Let me preface this by saying I've read and followed these instructions at the FAQ many times: http://www.itefix.no/i2/node/37 It does not do what the title claims... It allows every user access to every other user's home directory, as well as access to all subfolders below the copssh installation path. I'm only using this for SFTP access and I need my users to be sandboxed into only their home directory. If you know a fool-proof way to lock users down so they can see only their home directory and its subfolders, stop reading now and reply with the solution. The details: Here is exactly what i tried as I followed the FAQ. My copSSH installation directory is: C:\Program Files\CopSSH net localgroup sftp_users /ADD **Create a user group to hold all my SFTP users cacls c:\ /c /e /t /d sftp_users **For that group, deny access at the top level and all levels below cacls "C:\Program Files\CopSSH" /c /e /t /r sftp_users **Allow my user group access to the copSSH installation directory and its subdirectories For each sftp user, I create a new windows user account, then I: net localgroup sftp_users sftp_user_1 /add **Add my user to the group I've created Open the activate user wizard for CopSSH, choosing the user, "/bin/sftponly" and Remove copssh home directory if it exists **Remains checked Create keys for public key authentication **Remains checked Create link to user's real home directory **Remains checked This works, however, every user has access to every other user's home directory as well as the CopSSH root directory.... So I tried denying access for all users to the user home directory: cacls "C:\Program Files\CopSSH\home" /c /e /t /d sftp_users **Deny access for users to the user home directory Then I tried adding permissions on a user-by-user basis for each users home\username folder. However,these permission were not allowed by windows because of the above deny rule i created at the home directory was being inherited and over-riding my allow rule. The next step for me would be to remove the deny rule at the home directory and for each user folder, add a deny rule for every user it doesn't belong to, and add an allow rule for the one user it does belong to. However, as my user list gets long, this will become very cumbersome. Thanks for the help!

  Read the article

• IIS 6 ASP.NET default handler-mappings and virtual directories

  - by mlauter

  I'm having a problem with setting a default mapping in IIS 6. I want to secure *.HTML files with ASP.NET forms authentication. The problem seems to have something to do with using virtual directories to hold the html files. Here's how it's setup: sample directory tree c:/inetpub/ (nothing in here) d:/web_files/my_web_apps d:/web_files/my_web_apps/app1/ d:/web_files/my_web_apps/app2/ d:/web_files/my_web_apps/html_files/ app1 and app2 both access the same html_files directory, so html_files is set as a virtual directory in the web apps in IIS... sample web directory tree //app1/html_files/ (points to physical directory: d:/web_files/my_web_apps/html_files/) //app2/html_files/ (points to physical directory: d:/web_files/my_web_apps/html_files/) If I put a file called test.html in the root of //app1/ and then add the default mapping to the asp.net dll and setup my security on the root folder with deny="?", then accessing test.html works exactly as expected. If I'm not authenticated, it takes me to the login.aspx page, and if I am authenticated then it displays test.html. If I put the test.html file in the html_files directory I get a totally different behavior. Now the login.aspx page loads and I stuck some code in to check if I was still authenticated: <p>autheticated: <%=User.Identity.IsAuthenticated%></p> I figured it would say false because why else would it bother to load the login page? Nope, it says true - so it knows i'm authenticated, but it won't give me access to the test.html file. I've spent several hours on this and haven't been able to solve it. I'm going to spend some more time on google to see if I've missed something. Fingers crossed.

  Read the article

• ssh keys rejected each day

  - by EddyR

  I've had OpenSSH server running on my debian server for a couple weeks and all of a sudden now when I go to login the next day it rejects my ssh key and I have to manually add a new one each time. Not only that but I have the "tunneling with clear-text passwords" option enabled and the non-root (login with root is disabled) account for that is rejected too. I'm at a loss why this is happening and I can't find any ssh options that would explain it. --update-- I just changed debug level to DEBUG. But before that I'm seeing a lot of the following in auth.log Feb 1 04:23:01 greenpages CRON[7213]: pam_unix(cron:session): session opened for user root by (uid=0) Feb 1 04:23:01 greenpages CRON[7213]: pam_unix(cron:session): session closed for user root ... Feb 1 04:36:26 greenpages sshd[7217]: reverse mapping checking getaddrinfo for nat-pool-xx-xx-xx-xx.myinternet.net [xx.xx.xx.xx] failed - POSSIBLE BREAK-IN ATTEMPT! ... Feb 1 04:37:31 greenpages sshd[7223]: Did not receive identification string from xx.xx.xx.xx ... My sshd_conf file settings are: # Package generated configuration file # See the sshd(8) manpage for details # What ports, IPs and protocols we listen for Port xxx # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel DEBUG # Authentication: LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding no X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM no ClientAliveInterval 60 AllowUsers myuser

  Read the article

• saslauthd using too much memory

  - by Brian Armstrong

  Woke up today to see my site slow/unresponsive. Pulled up top and it looks like a ton of saslauthd processes have spun up using about 64m of RAM each, causing the machine to enter swap space. I've never seen this many used on there. top - 16:54:13 up 85 days, 11:48, 1 user, load average: 0.32, 0.50, 0.38 Tasks: 143 total, 1 running, 142 sleeping, 0 stopped, 0 zombie Cpu(s): 0.7%us, 0.3%sy, 0.0%ni, 97.3%id, 0.2%wa, 0.0%hi, 0.0%si, 1.4%st Mem: 1048796k total, 1025904k used, 22892k free, 14032k buffers Swap: 2097144k total, 332460k used, 1764684k free, 194348k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 848 admin 20 0 263m 115m 4840 S 0 11.3 5:02.91 ruby 906 admin 20 0 265m 113m 4828 S 0 11.1 5:37.24 ruby 30484 admin 20 0 248m 91m 4256 S 6 9.0 219:02.30 delayed_job 4075 root 20 0 160m 65m 952 S 0 6.4 0:24.22 saslauthd 4080 root 20 0 162m 64m 936 S 0 6.3 0:24.48 saslauthd 4079 root 20 0 162m 64m 936 S 0 6.3 0:24.70 saslauthd 4078 root 20 0 164m 63m 936 S 0 6.2 0:24.66 saslauthd 4077 root 20 0 163m 62m 936 S 0 6.1 0:24.66 saslauthd 3718 mysql 20 0 312m 52m 3588 S 1 5.1 3499:40 mysqld 699 root 20 0 72744 7640 2164 S 0 0.7 0:00.50 ruby 15701 postfix 20 0 106m 5712 4164 S 1 0.5 0:00.50 smtpd 15702 postfix 20 0 52444 3252 2452 S 1 0.3 0:00.06 cleanup 4062 postfix 20 0 41884 3104 1788 S 0 0.3 125:26.01 qmgr 15683 root 20 0 51504 2780 2180 S 0 0.3 0:00.04 sshd 14595 postfix 20 0 52308 2548 2304 S 1 0.2 0:24.60 proxymap 15483 postfix 20 0 43380 2544 1992 S 0 0.2 0:00.38 smtp 15486 postfix 20 0 43380 2544 1992 S 0 0.2 0:00.36 smtp 15488 postfix 20 0 43380 2540 1992 S 0 0.2 0:00.38 smtp 15485 postfix 20 0 43380 2532 1984 S 0 0.2 0:00.36 smtp 15489 postfix 20 0 43380 2532 1984 S 0 0.2 0:00.40 smtp Wasn't sure what Saslauthd is, Google says it handles plantext authentication. The machine has been sending a lot of email through postfix, so this could be related. Anyone know why so many may have spun up? Are they safe to kill? Thanks!

  Read the article

• Why an empty MAIL FROM address can sent out email?

  - by garconcn

  We are using Smarter Mail system. Recently, we found that hacker had hacked some user accounts and sent out lots of spams. We have firewall to ratelimit the sender, but for the following email, the firewall couldn't do this because of the empty FROM address. Why an empty FROM address is consider OK? Actually, in our MTA(surgemail), we can see the sender in the email header. Any idea? Thanks. 11:17:06 [xx.xx.xx.xx][15459629] rsp: 220 mail30.server.com 11:17:06 [xx.xx.xx.xx][15459629] connected at 6/16/2010 11:17:06 AM 11:17:06 [xx.xx.xx.xx][15459629] cmd: EHLO ulix.geo.auth.gr 11:17:06 [xx.xx.xx.xx][15459629] rsp: 250-mail30.server.com Hello [xx.xx.xx.xx] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK 11:17:06 [xx.xx.xx.xx][15459629] cmd: AUTH LOGIN 11:17:06 [xx.xx.xx.xx][15459629] rsp: 334 VXNlcm5hbWU6 11:17:07 [xx.xx.xx.xx][15459629] rsp: 334 UGFzc3dvcmQ6 11:17:07 [xx.xx.xx.xx][15459629] rsp: 235 Authentication successful 11:17:07 [xx.xx.xx.xx][15459629] Authenticated as [email protected] 11:17:07 [xx.xx.xx.xx][15459629] cmd: MAIL FROM: 11:17:07 [xx.xx.xx.xx][15459629] rsp: 250 OK < Sender ok 11:17:07 [xx.xx.xx.xx][15459629] cmd: RCPT TO:[email protected] 11:17:07 [xx.xx.xx.xx][15459629] rsp: 250 OK Recipient ok 11:17:08 [xx.xx.xx.xx][15459629] cmd: DATA

  Read the article

• Why Is Web Sharing Broken on My Mac?

  - by Sam Murray-Sutton

  Background: I use my Mac for web development, running copies of web sites locally. I recently installed the Snow Leopard update, which to all intents and purposes seems to have gone fine, except... What's not working? Web-sharing; more specifically I can't turn it on via preferences. The preference pane just hangs when I try to. So Apache doesn't start on reboot. I can start Apache by hand, but I don't know enough to either setup apache to start with the computer, or to properly fix web sharing. Further details My Apache error log shows nothing on when the system boots up (as I would expect). This is the error message when I try to start web sharing from the sharing preference pane. 28/09/2009 10:58:05 System Preferences[834] setInetDServiceEnabled failed with 1 for org.apache.httpd Here's the messages given when I start apache from the command line. [Mon Sep 28 10:35:53 2009] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Mon Sep 28 10:35:54 2009] [warn] mod_bonjour: Skipping user 'sams' - index file /Users/sams/Sites/index.html has zero length. [Mon Sep 28 10:35:54 2009] [notice] Digest: generating secret for digest authentication ... [Mon Sep 28 10:35:54 2009] [notice] Digest: done [Mon Sep 28 10:35:54 2009] [notice] Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8k DAV/2 PHP/5.3.0 Phusion_Passenger/2.2.5 configured -- resuming normal operations Please let me know if you need any further details on this. Any help would be greatly appreciated. UPDATE I have added an answer of my own below - I was able to solve it thanks to being pointed in the right direction by the comments below, so thanks very much. But I'm still not totally clear as to what caused the problem or how my solution addressed it, so I'm leaving the question open for now.

  Read the article

• SQL Server Management Studio not scripting all objects

  - by Ian Boyd

  i've been attempting to script a database using SQL Server 2005 Management Studio. i cannot get it to script some objects. It scripts others, but skips some. i can provide detailed screen shots the options being selected including all tables the folder where the script files will go the folder being empty before scripting the scripting process saying Sucess when scripting a table the destination folder no longer empty, with a hundred or so script files the script of some tables not being in the folder. And earlier SSMS would not script some views. Is this a known thing that the the Generate Scripts task does not generate scripts? Update Known issue on Microsoft Connect, but Microsoft couldn't repro the steps, so they closed closed the ticket. Fails on SQL Server 2005, also fails on SQL Server 2008. Update Two Some basic questions: 1.What version of SQL Server? Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Microsoft SQL Server 2005 - 9.00.3042.00 (Intel X86) Microsoft SQL Server 2008 - 10.0.2531.0 (Intel X86) Microsoft SQL Server 2005 Management Studio: 9.00.4035.00 Microsoft SQL Server 2008 Management Studio: 10.0.1600.22 2.What O/S are you running on? Windows Server 2000 Windows Server 2003 Windows Server 2008 3.How are you logging in to SQL server? sa/password Trusted authentication 4.Have you verified your account has full access to all objects? Yes, i have access to all objects. 5.Can you use the objects that fail to script? (eg: select top(10) * from nonScriptingTable) Yes, all objects work fine. SQL Server Enterprise Manager can script the objects fine. Update Three They fail no matter what version of SQL Server you script against. It wasn't a problem in Enterprise Manager: Client Tools SQL Server 2000 SQL Server 2005 SQL Server 2008 ============ =============== =============== =============== 2000 Yes n/a n/a 2005 No No No 2008 No No No Update Four No errors found in the database using: DBCC CHECKDB go DBCC CHECKCONSTRAINTS go DBCC CHECKFILEGROUP go DBCC CHECKIDENT go DBCC CHECKCATALOG go EXECUTE sp_msforeachtable 'DBCC CHECKTABLE (''?'')' Honk if you hate SSMS.

  Read the article

• iRedMail home setup - use different SMTP relay for different destination domains

  - by John

  Hello helpful server folks, I'm messing with iRedMail. I've mostly been successful, I think I have an SMTP problem. I have changed RoundCube (webmail) to use BrightHouse's, my ISP's, SMTP server for outgoing. It works fine, I click send and poof, I have gmail. I can reply from gmail to my email server, and it works. It took 10 hours for the email to show up, which is a different problem, I think, but it does work. But when I send from my server TO my own server, my ISP's Postmaster account sends me a cryptic blurb. I just got off the phone with them, and they say it "should work", and that they can't reach my pop3 server. (pop3, pop3s, imap, and imaps are all open on my router and forwarded to the server, I'm not sure what I need, I'm just covering my bases...) pop3 and/or imap as external interfaces are just formalities, I really just want webmail to work. Roundcube only takes one SMTP server in its configs. How can I configure Postfix to relay / forward emails to my ISP's SMTP, while taking messages bound for my own domain and processing them? Since my ISP won't let me "bounce" my emails off of it. Maybe I'm vastly misunderstanding how e-mail works in general: To receive mail, I should only need port 25, SMTP, open to the internet, correct? Should I be concerned about some authentication failure from the outside to my relay? (My relay requires user/pass to use, my ISP's requires none.)

  Read the article

< Previous Page | 186 187 188 189 190 191 192 193 194 195 196 197  | Next Page >