Search Results

Search found 13256 results on 531 pages for 'password policy'.

Page 196/531 | < Previous Page | 192 193 194 195 196 197 198 199 200 201 202 203  | Next Page >

• ssh through a bastion machine works on someone else's desktop but not my own

  - by Terrence Brannon

  I have to ssh into a bastion (jump) server in order to get to the final server. On the jump server, my .ssh/config says: Host * ForwardAgent yes My co-worker uses PuTTy and Pageant. When I use a putty shell to connect from his desktop to the final server as root via the jump server, it works fine. At my desk I cannot connect to the final server, only the jump server. However, if I go to his desk, and successfully log into the final server via the jump server, I can then go back to my desk and also do so.... but after a certain amount of time, my shells revert to the original behavior of not connecting to final server via jump server. The entire transcript of ssh -v -v -v final_server is here The relevant part to me is when the public key is offered but then it says 'we did not send a packet': debug1: Offering public key: /home/CORP/t.brannon/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug2: we did not send a packet, disable method debug3: authmethod_lookup password

  Read the article

• Is this a common/bug on this PPPoE setting for Cisco ASA 5505?

  - by DCAlliances

  We have to change the way the firewall setup due to we've changed the internet provider. The way we setup we have ADSL modem and we have to do a full bridge mode and the firewall configuration has to change from Static IP to Use PPPoE option on Outside interface with PPPoE username and password, CHAP authentication, WAN IP and WAN subnet mask. [See the attachment] It's been working ok with the use of PPPoE option however the issue is that if we un-plug the power cable of the firewall. This "Outside" interface turned to blank - NO WAN IP, PPPoE username and password. So basically, we have to retype this information again. Is this common or a bug? Any ideas? Thanks

  Read the article

• Keeping file for personal use with GPG

  - by trixcit

  I have a small text file with personal (sensitve) information. I'm currently encrypting/decrypting it with the Makefile, as described on http://www.madboa.com/geek/gpg-quickstart/ ; relevant section is edit: @umask 0077;\ $(GPG) --output $(FILEPLAIN) --decrypt $(FILECRYPT) @emacs $(FILEPLAIN) @umask 0077;\ $(GPG) --encrypt --recipient $(GPGID) $(FILEPLAIN) @$(RM) $(FILEPLAIN) view: @umask 0077; $(GPG) --decrypt $(FILECRYPT) | less this works fine for viewing, but not for editting: I first have to enter my password, then edit the file, but to encrypt it afterwards I again have to enter my password twice (and it's a long one). Is there a better way to do this?

  Read the article

• SMTP authentication error using PHPMailer

  - by Javier

  I am using PHPMailer to send a basic form to an email address but I get the following error: SMTP Error: Could not authenticate. Message could not be sent. Mailer Error: SMTP Error: Could not authenticate. SMTP server error: VXNlcm5hbWU6 The weird thing is that if I try to send it again, IT WORKS! Every time I submit the form after that first error it works. But if I leave it for a few minutes and then try again I get the same error again. The username and password have to be right as sometimes it works fine. I even created the following (very basic) script just to test it and I got the same result <?php require("phpmailer/class.phpmailer.php"); $mail = new PHPMailer(); $mail->IsSMTP(); $mail->Host = "smtp.host.com"; $mail->SMTPAuth = true; $mail->Username = "[email protected]"; $mail->Password = "password"; $mail->From = "[email protected]"; $mail->FromName = "From Name"; $mail->AddAddress("[email protected]"); $mail->AddReplyTo("[email protected]"); $mail->IsHTML(true); $mail->Subject = "Here is the subject"; $mail->Body = "This is the HTML message body <b>in bold!</b>"; $mail->AltBody = "This is the body in plain text for non-HTML mail clients"; if(!$mail->Send()) { echo "Message could not be sent. <p>"; echo "Mailer Error: " . $mail->ErrorInfo; exit; } echo "Message has been sent"; ?> I don't think this is relevant, but I just changed my hosting to a Linux shared server. Any idea why this is happening? Thanks! ***UPDATED 02/06/2012 I've been doing some tests. The results: I tested the script in an IIS server and it worked fine. The error seems to happen only in the Linux server. Also, if I use the gmail mail server it works fine in both, IIS and Linux. Could it be a problem with the configuration of my Linux server??

  Read the article

• Configuring jdbc-pool (tomcat 7)

  - by john

  i'm having some problems with tomcat 7 for configuring jdbc-pool : i`ve tried to follow this example: http://www.tomcatexpert.com/blog/2010/04/01/configuring-jdbc-pool-high-concurrency so i have: conf/server.xml <GlobalNamingResources> <Resource type="javax.sql.DataSource" name="jdbc/DB" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://localhost:3306/mydb" username="user" password="password" /> </GlobalNamingResources> conf/context.xml <Context> <ResourceLink type="javax.sql.DataSource" name="jdbc/LocalDB" global="jdbc/DB" /> <Context> and when i try to do this: Context initContext = new InitialContext(); Context envContext = (Context)initContext.lookup("java:/comp/env"); DataSource datasource = (DataSource)envContext.lookup("jdbc/LocalDB"); Connection con = datasource.getConnection(); i keep getting this error: javax.naming.NameNotFoundException: Name jdbc is not bound in this Context at org.apache.naming.NamingContext.lookup(NamingContext.java:803) at org.apache.naming.NamingContext.lookup(NamingContext.java:159) pls help tnx

  Read the article

• Double MySQL Running on Mountain Lion

  - by Norris

  After I've done a full restart, my Apache PHP server doesn't connect to Local MySQL ( connecting via 127.0.0.1 because localhost for some reason fails always ). So I did this today: ? ~ mysqladmin shutdown -u root -p Enter password: ? ~ mysqladmin shutdown -u root -p Enter password: mysqladmin: connect to server at 'localhost' failed error: 'Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)' Check that mysqld is running and that the socket: '/tmp/mysql.sock' exists! Which basically means that I succeeded in shutting down mysql. But as soon as I did - Apache PHP successfully connect to MySQL and my local sites work without a hiccup until the next restart. Here are a few other details: (as you can tell - I've installed MySQL via brew) ? ~ sudo ps aux | grep mysql N 4774 0.0 0.0 2432768 620 s000 S+ 9:53AM 0:00.00 grep mysql N 4772 0.0 2.6 3030168 440688 ?? S 9:51AM 0:00.29 /usr/local/Cellar/mysql/5.6.13/bin/mysqld --basedir=/usr/local/Cellar/mysql/5.6.13 --datadir=/usr/local/var/mysql --plugin-dir=/usr/local/Cellar/mysql/5.6.13/lib/plugin --bind-address=127.0.0.1 --log-error=/usr/local/var/mysql/N.local.err --pid-file=/usr/local/var/mysql/N.local.pid N 4686 0.0 0.0 2433432 1000 ?? S 9:51AM 0:00.01 /bin/sh /usr/local/opt/mysql/bin/mysqld_safe --bind-address=127.0.0.1 N 4362 0.0 2.7 3120276 458728 ?? S 9:47AM 0:00.45 mysqld ? ~ lsof -i | grep mysql mysqld 4362 N 16u IPv6 0x76959e40691f9f93 0t0 TCP *:mysql (LISTEN) This is the weird thing: ? ~ killall -9 mysqld MySQL Is dead! Apache doesn't connect. Then, when I run: ? ~ sudo mysqladmin shutdown -u root -p Enter password: Apache is (again) able to successfully connect to MySQL. As far as I understand this means that I have two mysql servers setup and both of them are trying to start up at the same time, but I don't have the slightest idea on how to fix it. I've tried brew reinstalling but that didn't help. ? ~ which mysqladmin /usr/local/bin/mysqladmin ? ~ whence -p mysql /usr/local/bin/mysql

  Read the article

• OS X SMB Connection to Windows Server 2008 R2

  - by Tawm

  I support many Macs that connect to an SMB share on a Windows Server 2008 R2 box. Occasionally I find that the Mac will try to connect and fail. The connection process will skip asking for credentials and there are none stored in keychain's password section. The server logs will show that the user tried to authenticate with invalid credentials. There are also no lingering connections from the server's point of view. The work around that I've found is to use an invalid username or a username that isn't the user's in the connection string for SMB so smb://domain;user@server/share instead of 'smb://server/share' this will force it to use the username I specified which the client doesn't have anything stored for. So it will then pop up the login window where the user changes the username to the correct one and user her password to connect happily. Specific computer in question: 15" MBP running Snow Leopard (10.6.7 or 10.6.8)

  Read the article

• Access denied to mysql cause by invalid server hostname bind address

  - by Mark

  I cannot login to mysql using the terminal. [root@fst mysql]# mysql -h localhost -u admin -p Enter password: ERROR 1045 (28000): Access denied for user 'admin'@'localhost' (using password: YES) I am sure I have the correct password. The mysql is also running when I check status. The mysql database is also present in the directory /var/lib/mysql/. The host host.myi, host.myd and host.frm are present. By the way this a related to question on my previous problem MySQL server quit without updating PID file . Initially the problem arise when the root directory was full. To be able to login to directadmin and start mysql, I added a soft link of the /var/lib/mysql/ to /home/mysql. Since my database used up the most of the root directory. The root directory has 50Gb and /home has 1.5Gb. Somehow the /var/lib/mysql/idbdata1 is corrupted. So I move it to another location. Now, I can start the mysql server but I cannot login into it. Below are the contents from the myql logs. 121212 20:44:10 mysqld_safe mysqld from pid file /var/lib/mysql/fst.srv.net.pid ended 121212 20:44:10 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 121212 20:44:10 [Note] Plugin 'FEDERATED' is disabled. 121212 20:44:10 InnoDB: The InnoDB memory heap is disabled 121212 20:44:10 InnoDB: Mutexes and rw_locks use GCC atomic builtins 121212 20:44:10 InnoDB: Compressed tables use zlib 1.2.3 121212 20:44:10 InnoDB: Using Linux native AIO 121212 20:44:10 InnoDB: Initializing buffer pool, size = 128.0M 121212 20:44:10 InnoDB: Completed initialization of buffer pool 121212 20:44:10 InnoDB: highest supported file format is Barracuda. 121212 20:44:11 InnoDB: Waiting for the background threads to start 121212 20:44:12 InnoDB: 1.1.8 started; log sequence number 1595675 121212 20:44:12 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306 121212 20:44:12 [Note] - '0.0.0.0' resolves to '0.0.0.0'; 121212 20:44:12 [Note] Server socket created on IP: '0.0.0.0'. 121212 20:44:12 [Note] Event Scheduler: Loaded 0 events 121212 20:44:12 [Note] /usr/sbin/mysqld: ready for connections. Version: '5.5.27-log' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server (GPL) I guess there is something wrong with the bind address. How should I fix the problem?

  Read the article

• Windows 7 and Vista Home Networked-Unable to login from Vista to Windows 7

  - by Lynn

  I set up both Vista and Windows 7 on the same workgroup. I can view Windows 7 from Vista and vice versa. I can login into Vista from Windows 7. I am unable to login to Windows 7 from Vista. When I enter the Windows 7 User name and Password on Vista, the following information appears: Logon unsuccessful: Windows is unable to log you on. Be sure that your user name and password are correct. Both are correct. Do you have any idea how I can resolve this logon issue? Thank you, Lynn

  Read the article

• FileZilla Server Configuration Problems

  - by LiamB

  I've set-up FileZilla server a Windows 2008 Machine, I then created the user, password and added a share folder which I set to Home Directory. I then connect to the server from the client computer Status: Connecting to {IP} Status: Connection established, waiting for welcome message... Response: 220-Welcome To {NAME} FTP Response: 220 {DOMAIN} Command: USER {USER} Response: 331 Password required for {USER} Command: PASS ********* Response: 230 Logged on Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I Command: PASV Response: 227 Entering Passive Mode ({}DATA) Command: MLSD The connection works fine, however no remote directory is selected, it shows as "/" however uploading any file fails. Any suggestions on how to debug this more?

  Read the article

• Mysql install and remove issues

  - by Matt

  I installed mysql on ubuntu server and i dont know what went wrong...it didnt install a mysql root user so i tried to uninstall and start over and now i cant unistall i tried this apt-get remove php5-mysql apt-get remove mysql-server mysql-client apt-get autoremove but when i do ps aux | grep mysql root 6066 0.0 0.0 1772 540 pts/1 S 03:21 0:00 /bin/sh /usr/bin/mysqld_safe mysql 7065 0.0 0.6 58936 11900 pts/1 Sl 03:33 0:00 /usr/sbin/mysqld -- basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid -- socket=/var/run/mysqld/mysqld.sock --port=3306 root 7066 0.0 0.0 2956 688 pts/1 S 03:33 0:00 logger -t mysqld -p daemon.error root 22804 0.0 0.0 3056 780 pts/1 R+ 04:14 0:00 grep mysql so i killed the processes and then tried to reinstall like this apt-get -f install sudo apt-get install mysql-server mysql-client sudo mysqladmin -u root -h localhost password 'root' but i get this mysqladmin: connect to server at 'localhost' failed error: 'Access denied for user 'root'@'localhost' (using password: NO)' im confused..i keep installing and uninstalling mysql and the same result..any ideas

  Read the article

• Connecting Snow Leopard 10.6.4 to a Linux shared folder using Samba

  - by Vittorio Vittori

  Hi, I'm trying to connect to a web server running on Linux CentOS 5.5 where I've shared a folder. I'm trying to connect to the directory with Snow Leopart 10.6.4 client without success. On CentOS I've started the Samba service and a Samba user with his password and then I've tried to connect to the server with the command smb://10.0.0.7 to reach the IP of the machine and then writing the username and password I've previously created. The server returns me the list of the shared folders with the leopard specific browser, when I click to the folder I want the browser returns this error (translated from Italian): Leopard message: Connection failed There was an error on connecting to "smb://10.0.0.7". Please verify the name or the IP of the server, and try again. How can I do to solve the connection problem?

  Read the article

• Need help connecting to NAS externally-port forwarding and DDNS newbie

  - by Joel

  Hi folks, I just picked up a synology NAS, and I'm loving it for internal use, but I want to be able to access the NAS externally-both from my iPhone (3G) and from the net. I have a Linksys WRT54G-TM router. My first question is whether I have set up the dyndns correctly. On my computer that is on my network, if I put in mydomain.dyndns.org, I am taken to a password popup and when I enter my router login and password, my router admin page opens up. On the same computer, I get the same results if I use my external IP address, and if I use my internal IP 192.168.0.1 So that is all as expected. However, when I go to my iphone and turn off wifi, and try to connect with 3g to the external IP or the dnydns domain, I just get an error "Safari could not open the page because the server stopped responding". What's up?

  Read the article

• security issue of Linux sudo command?

  - by George2

  Hello everyone, 1. I am using Red Hat Enterprise 5 Linux box. I find if a user is in /etc/sudoers file, then if the user run command with sudo, the user will run this command with root privilege (without knowing root password, the user runs sudo only need to input the user's own password in order to run a command with sudo). Is that correct understanding? 2. If yes, then is it a security hole? Since users other than root could run with root privilege? thanks in advance, George

  Read the article

• BlueCoat reverse proxy NTLM authentication

  - by mathieu

  Currently when we want to access an internal site from Internet (IIS with NTLM auth), we have two login screens that appear : step1 : LDAPAuth, from the BlueCoat that check login/password validity against Active Directory step2 : NTLM auth, from our application. Is it possible to configure the reverse proxy to use the LDAP credentials provided at step1, and give them to whatever application that requests them ? Of course, if those credentials aren't valid, nothing happens. We're using BlueCoat SG400. Update : we're not looking for SSO where the user doesn't have to enter a password. We want the user to enter his domain credentials in the LDAPAuth dialog box, and the proxy to reuse it to authenticate against our application. Or any application that uses NTLM. We've only got 1 AD domain behind the reverse proxy.

  Read the article

• Cyrus: How Do I Configure saslauthd For Authentication?

  - by Nick

  I'm trying to get Cyrus IMAP (v 2.2 on Ubuntu 9.04) setup and working, but I'm having a bit of trouble getting the login working correctly. I've created a mailbox for my test user "nrahl": cm user/nrahl and then created a password: $ saslpasswd2 nrahl I'm attempting to connect to the mailbox using Thunderbird. I'm using the machine's LAN IP address as the host, and "nrahl" as the username. It connects to the server and prompts me for the password. When I enter it, I get "Login to server failed." in Thunderbird, and /var/log/mail.log shows: Apr 15 19:20:01 IMAP cyrus/imap[1930]: accepted connection Apr 15 19:20:09 IMAP cyrus/imap[1930]: badlogin: [192.168.5.21] plaintext nrahl SASL(-13): authentication failure: checkpass failed Part of /etc/imapd.conf with comments removed: sieveusehomedir: false sievedir: /var/spool/sieve #mailnotifier: zephyr #sievenotifier: zephyr #dracinterval: 0 #drachost: localhost hashimapspool: true allowplaintext: yes sasl_mech_list: PLAIN #allowapop: no #sasl_maximum_layer: 256 #loginrealms: example.com #virtdomains: userid #defaultdomain: sasl_pwcheck_method: saslauthd #sasl_auxprop_plugin: sasldb sasl_auto_transition: no UPDATE: When setting: sasl_pwcheck_method: alwaystrue in /etc/imapd.conf, login works correctly. So I'm assuming the issue is saslauthd related.

  Read the article

• Cannot log on to a remote server using rdp from windows 7 machine when I am remotley connected to th

  - by Gary

  Bear withe me, here is my set up. I use my 27" iMac 3.06GHz Core 2 Duo 4GB Ram to connect to my work desktop running Windows 7. From there I can administer other remote servers. Here is the problem. Using the Remote Desktop Client on my Mac I can connect to my work machine no problem. But when I then use the work machine to open a remote desktop session with another Windows server (usually SBS 2003 but applies to all) I get the log in prompt, I enter the user name password ensure i'm connecting to the domain, but it wont log me in. The error message is the same, as though I had typed the wrong password (i know this is not the case). Does anyone have a solution? Thanks in advance. Gary

  Read the article

• how to enable remote access to a MySQL server on an AZURE virtual machine

  - by Rees

  I have an AZURE virtual machine with a MySQL server installed on it running ubuntu 13.04. I am trying to remote connect to the MySQL server however get the simple error "Can't connect to MySQL server on {IP}" I have already done the follow: * commented out the bind-address within the /etc/mysql/my.cnf * commented out skip-external-locking within the same my.cnf * "ufw allow mysql" * "iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT" * setup an AZURE endpoint for mysql * "sudo netstat -lpn | grep 3306" does indeed show mysql LISTENING * "GRANT ALL ON *.* TO remote@'%' IDENTIFIED BY 'password'; * "GRANT ALL ON *.* TO remote@'localhost' IDENTIFIED BY 'password'; * "/etc/init.d/mysql restart" * I can connect via SSH tunneling, but not without it * I have spun up an identical ubuntu 13.04 server on rackspace and SUCCESSFULLY connected using the same procedures outlined here. NONE of the above works on my azure server however. I thought the creation of an endpoint would work, but no luck. Any help please? Is there something I'm missing entirely?

  Read the article

• ReadyNAS issue with Google Apps?

  - by Jauder Ho

  The power went out (again) in my house today so I decided to set up some alerting. Since I have a ReadyNAS and the latest version of Raidinator seems to have SMTP TLS support, I figured I would try setting things up to email to a domain I have hosted on Google Apps. At this point, I have everything working IF I use a Gmail account but as soon as I switch to a Google Apps email address, it stops working and complains with smtpstatus=535 smtpmsg='535-5.7.1 Username and Password not accepted. Learn more at \n535 5.7.1 http://mail.google.com/support/bin/answer.py?answer=14257 30sm16076226wfd.23' errormsg='authentication failed (GNU SASL, method PLAIN)' exitcode=EX_NOPERM I'm wondering if anyone else has encountered this. Google's extremely aggressive captcha does not help but I am able to log in now without a captcha from a browser so I'm open to any ideas why the simple switch of a user/password combo that is supposed to work does not. I'm also attaching my config so that others can see how to set things up.

  Read the article

• ProFTPd with sftp first login fails, seconds succeeds

  - by Nahrub

  We are working with ProFTPd and SFTP module enabled. We have a problem with using the sftp module. When we try to connect to server in FileZilla we need to enter the password to the server twice, upon connection and upon each file upload, which is very undesired. How can we help this? any idea's? suggestions? when we use the interactive login type in FileZilla, it works when we enter the username and password twice.

  Read the article

• Digest authentication not working: endless cycles of asking for user/pass

  - by bcmcfc

  I'm trying to setup my SVN repository for access remotely. In doing so I have some settings under Apache's dav_svn.conf file. When navigating to hostname/svn, or using Tortoise to do the same it prompts for the user name and password as expected. However, when entering the correct user name and pass that were set in the password file linked to under AuthUserFile it just asks for the credentials again. I think I'm probably missing something simple? The server is running Ubuntu Server 9.10. Accessing SVN remotely does currently work if the authentication lines of dav_svn.conf are commented out. These are the contents of the dav_svn.conf file: <Location /svn> DAV svn SVNPath /home/svn/repo AuthType Digest AuthName "Subversion Repository" AuthDigestDomain /svn/ AuthUserFile /etc/svn_authfile Require valid-user </Location>

  Read the article

• What changes can be made to a Microsoft Account using net user on Windows 8?

  - by nhinkle

  In Windows 8, you can log on with a local account or with a Microsoft Account. Both types show up in the Users control panel, but there are different options that you can change for each type. An administrator can change basically any aspect of a local user - name, password, access level, etc. For a Microsoft Account, you can only change the access level (admin/standard) or remove the account. From the command line though, there don't appear to be any restrictions on what you can do a Microsoft Account. Using the net user tool or the Local Users and Groups MMC snap-in, it looks like an administrator would be able to change the password, display name, profile path, etc. of Microsoft Accounts (as well as local accounts of course). Will these commands actually work when applied to a Microsoft Account? Will using them in some way break the link to the Microsoft Account, or will nothing happen at all? I'm hesitant to test since I don't want to mess up my account permanently.

  Read the article

• Samba - permission issue

  - by user88432

  I am trying to get samba to work properly... I have a "Movies" share (//server/Movies), I want only root account to be able to upload and delete. Guest can view "Movies" share without password/login but they cant delete/update (only view). [Movies] path = /mnt/user/Movies browsable = yes public = yes writable = no write list = root guest ok = yes I can access to Movies share as guest but when I try to add new file I get an error saying: "You need permission to perform this action" I expected username/password to popup but it didn't, how to fix this?

  Read the article

• Configuring WPA2-Enterprise with Freeradius

  - by Vincent O.

  I'm trying to set up an authenticated wifi network with Freeradius. I've managed to get things working using self-signed certs etc. The problem is Windows clients need to uncheck the "Automatically use my windows logon name and password [etc.]" option in the MSCHAPv2 settings. When I connect to my local university with Eduroam, it automatically asks for a username and password instead of sending windows login credentials. How did the sysadmins accomplish this? Is it some kind of RADIUS Attribute that gets sent back?

  Read the article

• NetApp erroring with: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

  - by Sobrique

  Since a sitewide upgrade to Windows 7 on desktop, I've started having a problem with virus checking. Specifically - when doing a rename operation on a (filer hosted) CIFS share. The virus checker seems to be triggering a set of messages on the filer: [filerB: auth.trace.authenticateUser.loginTraceIP:info]: AUTH: Login attempt by user server-wk8-r2$ of domain MYDOMAIN from client machine 10.1.1.20 (server-wk8-r2). [filerB: auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- attempting authentication with domain controller \\MYDC. [filerB: auth.trace.authenticateUser.loginRejected:info]: AUTH: Login attempt by user rejected by the domain controller with error 0xc0000199: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. [filerB: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: Delaying the response by 5 seconds due to continuous failed login attempts by user server-wk8-r2$ of domain MYDOMAIN from client machine 10.1.1.20. This seems to specifically trigger on a rename so what we think is going on is the virus checker is seeing a 'new' file, and trying to do an on-access scan. The virus checker - previously running as LocalSystem and thus sending null as it's authentication request is now looking rather like a DOS attack, and causing the filer to temporarily black list. This 5s lock out each 'access attempt' is a minor nuisance most of the time, and really quite significant for some operations - e.g. large file transfers, where every file takes 5s Having done some digging, this seems to be related to NLTM authentication: Symptoms Error message: System error 1808 has occurred. The account used is a computer account. Use your global user account or local user account to access this server. A packet trace of the failure will show the error as: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (0xC0000199) Cause Microsoft has changed the functionality of how a Local System account identifies itself during NTLM authentication. This only impacts NTLM authentication. It does not impact Kerberos Authentication. Solution On the host, please set the following group policy entry and reboot the host. Network Security: Allow Local System to use computer identity for NTLM: Disabled Defining this group policy makes Windows Server 2008 R2 and Windows 7 function like Windows Server 2008 SP1. So we've now got a couple of workaround which aren't particularly nice - one is to change this security option. One is to disable virus checking, or otherwise exempt part of the infrastructure. And here's where I come to my request for assistance from ServerFault - what is the best way forwards? I lack Windows experience to be sure of what I'm seeing. I'm not entirely sure why NTLM is part of this picture in the first place - I thought we were using Kerberos authentication. I'm not sure how to start diagnosing or troubleshooting this. (We are going cross domain - workstation machine accounts are in a separate AD and DNS domain to my filer. Normal user authentication works fine however.) And failing that, can anyone suggest other lines of enquiry? I'd like to avoid a site wide security option change, or if I do go that way I'll need to be able to supply detailed reasoning. Likewise - disabling virus checking works as a short term workaround, and applying exclusions may help... but I'd rather not, and don't think that solves the underlying problem. EDIT: Filers in AD ldap have SPNs for: nfs/host.fully.qualified.domain nfs/host HOST/host.fully.qualified.domain HOST/host (Sorry, have to obfuscate those). Could it be that without a 'cifs/host.fully.qualified.domain' it's not going to work? (or some other SPN? ) Edit: As part of the searching I've been doing I've found: http://itwanderer.wordpress.com/2011/04/14/tread-lightly-kerberos-encryption-types/ Which suggests that several encryption types were disabled by default in Win7/2008R2. This might be pertinent, as we've definitely had a similar problem with Keberized NFSv4. There is a hidden option which may help some future Keberos users: options nfs.rpcsec.trace on (This hasn't given me anything yet though, so may just be NFS specific). Edit: Further digging has me tracking it back to cross domain authentication. It looks like my Windows 7 workstation (in one domain) is not getting Kerberos tickets for the other domain, in which my NetApp filer is CIFS joined. I've done this separately against a standalone server (Win2003 and Win2008) and didn't get Kerberos tickets for those either. Which means I think Kerberos might be broken, but I've no idea how to troubleshoot further. Edit: A further update: It looks like this may be down Kerberos tickets not being issued cross domain. This then triggers NTLM fallback, which then runs into this problem (since Windows 7). First port of call will be to investigate the Kerberos side of things, but in neither case do we have anything pointing at the Filer being the root cause. As such - as the storage engineer - it's out of my hands. However, if anyone can point me in the direction of troubleshooting Kerberos spanning two Windows AD domains (Kerberos Realms) then that would be appreciated. Options we're going to be considering for resolution: Amend policy option on all workstations via GPO (as above). Talking to AV vendor about the rename triggering scanning. Talking to AV vendor regarding running AV as service account. investigating Kerberos authentication (why it's not working, whether it should be).

  Read the article

< Previous Page | 192 193 194 195 196 197 198 199 200 201 202 203  | Next Page >