Search Results

Search found 16455 results on 659 pages for 'hosts allow'.

Page 20/659 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >

  • How to Configure Windows Machine to Allow File Sharing with DNS Alias

    - by Michael Ferrante
    I have not seen a single article posted anywhere online that brings together all the settings one would need to do to make this work properly on Windows, so I thought I would post it here. To facilitate failover schemes, a common technique is to use DNS CNAME records (DNS Aliases) for different machine roles. Then instead of changing the Windows computername of the actual machine name, one can switch a DNS record to point to a new host. This can work on Microsoft Windows machines, but to make it work with file sharing the following configuration steps need to be taken. Outline The Problem The Solution Allowing other machines to use filesharing via the DNS Alias (DisableStrictNameChecking) Allowing server machine to use filesharing with itself via the DNS Alias (BackConnectionHostNames) Providing browse capabilities for multiple NetBIOS names (OptionalNames) Register the Kerberos service principal names (SPNs) for other Windows functions like Printing (setspn) References 1. The Problem On Windows machines, file sharing can work via the computer name, with or without full qualification, or by the IP Address. By default, however, filesharing will not work with arbitrary DNS aliases. To enable filesharing and other Windows services to work with DNS aliases, you must make registry changes as detailed below and reboot the machine. 2. The Solution Allowing other machines to use filesharing via the DNS Alias (DisableStrictNameChecking) This change alone will allow other machines on the network to connect to the machine using any arbitrary hostname. (However this change will not allow a machine to connect to itself via a hostname, see BackConnectionHostNames below). Edit the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters and add a value DisableStrictNameChecking of type DWORD set to 1. Allowing server machine to use filesharing with itself via the DNS Alias (BackConnectionHostNames) This change is necessary for a DNS alias to work with filesharing from a machine to find itself. This creates the Local Security Authority host names that can be referenced in an NTLM authentication request. To do this, follow these steps for all the nodes on the client computer: To the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0, add new Multi-String Value BackConnectionHostNames In the Value data box, type the CNAME or the DNS alias, that is used for the local shares on the computer, and then click OK. Note: Type each host name on a separate line. Providing browse capabilities for multiple NetBIOS names (OptionalNames) Allows ability to see the network alias in the network browse list. Edit the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters and add a value OptionalNames of type Multi-String Add in a newline delimited list of names that should be registered under the NetBIOS browse entries Names should match NetBIOS conventions (i.e. not FQDN, just hostname) Register the Kerberos service principal names (SPNs) for other Windows functions like Printing (setspn) NOTE: Should not need to do this for basic functions to work, documented here for completeness. We had one situation in which the DNS alias was not working because there was an old SPN record interfering, so if other steps aren't working check if there are any stray SPN records. You must register the Kerberos service principal names (SPNs), the host name, and the fully-qualified domain name (FQDN) for all the new DNS alias (CNAME) records. If you do not do this, a Kerberos ticket request for a DNS alias (CNAME) record may fail and return the error code KDC_ERR_S_SPRINCIPAL_UNKNOWN. To view the Kerberos SPNs for the new DNS alias records, use the Setspn command-line tool (setspn.exe). The Setspn tool is included in Windows Server 2003 Support Tools. You can install Windows Server 2003 Support Tools from the Support\Tools folder of the Windows Server 2003 startup disk. How to use the tool to list all records for a computername: setspn -L computername To register the SPN for the DNS alias (CNAME) records, use the Setspn tool with the following syntax: setspn -A host/your_ALIAS_name computername setspn -A host/your_ALIAS_name.company.com computername 3. References All the Microsoft references work via: http://support.microsoft.com/kb/ Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name Covers the basics of making file sharing work properly with DNS alias records from other computers to the server computer. KB281308 Error message when you try to access a server locally by using its FQDN or its CNAME alias after you install Windows Server 2003 Service Pack 1: "Access denied" or "No network provider accepted the given network path" Covers how to make the DNS alias work with file sharing from the file server itself. KB926642 How to consolidate print servers by using DNS alias (CNAME) records in Windows Server 2003 and in Windows 2000 Server Covers more complex scenarios in which records in Active Directory may need to be updated for certain services to work properly and for browsing for such services to work properly, how to register the Kerberos service principal names (SPNs). KB870911 Distributed File System update to support consolidation roots in Windows Server 2003 Covers even more complex scenarios with DFS (discusses OptionalNames). KB829885

    Read the article

  • How to allow wget to overwrite files

    - by Gnanam
    Using wget command, how do I allow/instruct to overwrite my local file everytime, irrespective of how many times I invoke. Let's say, I want to download a file from the location: http://server/folder/file1.html Here, whenever I say wget http://server/folder/file1.html, I want this file1.html to be overwritten in my local system irrespective of the time it is changed, already downloaded, etc. My intention/use case here is that when I call wget, I'm very sure that I want to replace/overwrite the existing file. I've tried out the following options, but each option is intended/meant for some other purpose. -nc = --no-clobber -N = Turn on time-stamping -r = Turn on recursive retrieving

    Read the article

  • Allow traffic from ssl-vpn to enter ipsec tunnel on fortigate

    - by Sascha
    we configured our FortiGate 50B to route traffic from our local net 192.168.10.* (which is our office) to a remote network 172.29.112.* using an ipsec tunnel. Everything works fine as long my computer has an ip from 192.168.10.*. We can also connect to the office network from at home using a ssl vpn connection. Once connected we receive an ip from 10.41.41.*. Now I want to allow the traffic flow from 10.41.41.* to 172.29.112.* just like it does from the office network. Could somebody point me in the right direction what I would need to do? Thanks, Sascha

    Read the article

  • Don't Allow link generates a 500 Internal Error

    - by jstawski
    I'm developing an application for Facebook using the iframe mode and ASP.NET. I'm able to use the new OAuth method that combines the allow and the extended permissions. When I click on the Allow everything works as expected, but when I click on the "Don't Allow" I get a 500 internal error. The Request For Permission url is: http://www.facebook.com/connect/uiserver.php?client_id=389845102120&scope=publish_stream%2Cuser_birthday%2Cemail&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fplumreward%2FDefault.aspx%3Fpid%3D124733857540930&display=page&next=http%3A%2F%2Fgraph.facebook.com%2Foauth%2Fauthorize_success%3Fclient_id%3D389845102120%26scope%3Dpublish_stream%252Cuser_birthday%252Cemail%26redirect_uri%3Dhttp%253A%252F%252Fapps.facebook.com%252Fplumreward%252FDefault.aspx%253Fpid%253D124733857540930%26type%3Dweb_server&cancel_url=http%3A%2F%2Fgraph.facebook.com%2Foauth%2Fauthorize_cancel%3Fclient_id%3D389845102120%26scope%3Dpublish_stream%252Cuser_birthday%252Cemail%26redirect_uri%3Dhttp%253A%252F%252Fapps.facebook.com%252Fplumreward%252FDefault.aspx%253Fpid%253D124733857540930%26type%3Dweb_server&app_id=389845102120&method=permissions.request&return_session=1&perms=publish_stream%2Cuser_birthday%2Cemail When I click don't allow it goes to http://www.facebook.com/connect/uiserver.php and then to http://graph.facebook.com/oauth/authorize_success?client_id=389845102120&scope=publish_stream%2Cuser_birthday%2Cemail&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fplumreward%2FDefault.aspx%3Fpid%3D124733857540930&type=web_server&perms&selected_profiles=567961887 with a HTTP 500 Internal Server Error. What am I doing wrong? Am I missing a setting, parameter? Is this a FB bug?

    Read the article

  • Allow and restrict remote sql server access

    - by Michel
    Hi, I want to expose my sql server instance via the internet. I've been programming asp.net to sql server for a long time, but for the first time i'm hosting the sql server myself instead of the clients server. So what i want to do is move my sql server from my dev machine at home to a virtual server (yet to hire). But of course i don't want anyone to just enter my sql server but just a few persons. So what i was thinking was to allow only a few ip addresses to the sql server instance. Can anyone tell me how i can expose my sql server to the internet and limit the access to the instance to only a few ip addresses? And ehm, if you know even better ways to secure it, i'd be happy, because this is the first time for me :) Michel

    Read the article

  • Erlang Supervisor Strategy For Restarting Connections to Downed Hosts

    - by derdewey
    I'm using erlang as a bridge between services and I was wondering what advice people had for handling downed connections? I'm taking input from local files and piping them out to AMQP and it's conceivable that the AMQP broker could go down. For that case I would want to keep retrying to connect to the AMQP server but I don't want to peg the CPU with those connections attempts. My inclination is to put a sleep into the reboot of the AMQP code. Wouldn't that 'hack' essentially circumvent the purpose of failing quickly and letting erlang handle it? More generally, should the erlang supervisor behavior be used for handling downed connections?

    Read the article

  • Allow certain users to access a specific directory?

    - by animuson
    I'm trying to figure out how to allow certain users who are also me to access a directory of files that I want to use for all of my users. I'm using cPanel and I used WHM to create three separate accounts. The files I want to use are on account1 in the directory /home/account1/public_html/source/engines and I want the directory /home/account2/public_html/source/engines to use the same exact files without having to upload them to both places every time I change them, so I created a simple symbolic link and added account2 to the group account1 (while still keeping its own group as the primary). It still gives me a Permission Denied error though. Is there any way I can grant account2 and other accounts that I create for myself access to those files? I don't want them to be global to all users because I don't want my hosted users to be able to access them, only my users. groups account1 returns account1 : account1 groups account2 returns account2 : account2 account1 /home/account1/public_html/source/engines and all its files belongs to account1:account1 Any other information you might need just ask.

    Read the article

  • Allow image upload - most efficient way?

    - by K-P
    Hey everyone, In my site, I currently only allow users to import images from other sites rather than uploading it themselves. The main reason for this is because I don't have much storage space on my host (relatively speaking). The host charges quite a bit for additional space. What are the alternatives to hosting images users upload (max 1mb size). Would it be a good idea to purchase separate cheap hosting with "unlimited space" (I know that's not true, but I'm guessing it's more than 1gb)? Or are there some caveats with this approach (e.g. security since the site should not be browsable, but accessed via another server)? Are there alternative ideas that I could employ? Thanks for any suggestions

    Read the article

  • Strategy to allow emergency access to colocation crew

    - by itsadok
    I'm setting up a server at a new colocation center half way around the world. They installed the OS for me and sent me the root password, so there's obviously a great amount of trust in them. However, I'm pretty sure I don't want them to have my root password on a regular basis. And anyway, I intend to only allow key-based login. On some cases, though, it might be useful to let their technical support log in through a physical terminal. For example, if I somehow mess up the firewall settings. Should I even bother worrying about that? Should I set up a sudoer account with a one-time password that will change if I ever use it? Is there a common strategy for handling something like this?

    Read the article

  • Windows Live Mail doesn't respond to clicking Allow Sender

    - by Karel
    This is a problem that I experience for a couple of years now.. I'm having the latest version of Windows Live Mail. The overall behavior works just fine, but when I want to click 'Allow Sender' in the yellow bar above my e-mail, the text button does nothing. My mouse pointer turns into a finger hand, but the click event does nothing.. Sometimes with other e-mails, the button works and the yellow bar dissappears.. I have also experienced this in previous versions of Windows Live Mail.. Does anybody know what it could be..

    Read the article

  • How to allow program updates without prompting UAC?

    - by Ryan Mortier
    We have about 15-20 users who have this software installed. We have UAC enabled through GPO as you should, which means the software prompts for admin approval if a standard user trys to install it. Thats fine, they can call the help desk to have the software installed. My problem is, our help desk is being bombarded every day because users can't update the software and there are updates almost every day which is prompting UAC. Using procmon.exe to find out where it was trying to write to, I then created a GPO to allow file permission access to the program files folder for this particular software, including the program data folder, but it still prompts for admin approval. It seems as though that the software is using msiexec.exe to run a .msp patch file. The only "ACCESS DENIED"s I can still see in procmon is things like this: What can I possibly do to stop this software from prompting UAC with admin password credentials aside from disabling UAC?

    Read the article

  • Only allow certain processes to connect to MS SQL

    - by Fred
    I've lost the source code for a very old application that connects to a MS SQL-server for some SQL queries. Since the login is hard-coded in the application I can't change the username/password on the server. One day the password will probably be known to the users and we surely need to change it. But how? One idea is to only allow the old application to do the queries on the SQL server and block out any other application like the query analyzer etc. Can I set process permission somehow? The SQL server (MS SQL 2005) and application (C++) are on the same machine It's too costly to rewrite the old program Thanks for help!

    Read the article

  • Reading cookies across different hosts

    - by Thinker
    I have two sites - both are my projects. On site two, I need to check if the user is logged in on site one. I suppose to do this I should just create a script that puts a cookie into the body of an iframe and then read the iframe contents on site two. But I can't. Here is a code I made for testing purposes: http://jsbin.com/oqaza/edit I got an error, that says: "Permission denied for <http://jsbin.com to get property HTMLDocument.nodeType from <http://www.google.com."

    Read the article

  • How to configure firewall to allow using a specific port

    - by user174416
    I am trying to make tcp ip connection to a server xxx.xxx.xxx.xxx with port xxxx. But I am getting error message "10061 connection refused". I think firewall on the server is stopping my program to access that port. How can I configure the firewall of server to allow my program to use that port. I had asked this question on stackoverflow (http://stackoverflow.com/questions/13448429/socket-error-while-making-tcp-ip-connection-in-delphi) where I was suggested to ask it on super user. Please provide me any solution....

    Read the article

  • Configuring linux server firewall to allow access from a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm new to linux server. I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • Windows 7 VPN wont allow FTP, route FTP traffic through local network

    - by Rolf Herbert
    I use a VPN on my windows 7 PC for privacy and currently route all my traffic through the VPN. This arrangement is fine and its plenty fast. Unfortunately the VPN does not allow any FTP traffic so when I am updating websites I have to disconnect the VPN and work through my local connection. This is annoying and cumbersome. I have read a little about split tunnelling but this is not quite what I need, and it often talks about 'internet' traffic which is not specific to certain IPs or ports. Is it possible to route traffic on certain ports through the local connection, or is it possible to route traffic on certain IPs through the local connection using stuff built into windows 7..? Thanks

    Read the article

  • Iptables Allow MYSQL server incoming requests

    - by thompatry
    I am trying to get my new MediaWiki server to allow connections to our MySql Server and right now I cannot get my iptables firewall set up right for this. The rule I am applying is the following iptables -A INPUT -p tcp -d 129.130.155.39 --dport 3306 -j ACCEPT # MySQL But my iptables log is still show that the connections can not be established and is being blocked/denied. Nov 21 09:48:39 hds-it kernel: Firewall Deny: [OUTPUT] IN= OUT=eth1 SRC=129.130.155.210 DST=129.130.155.39 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29232 DF PROTO=TCP SPT=58862 DPT=3306 SEQ=914529531 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A03BCF2BC0000000001030307) When I turn off iptables, everything works as it should including editing the wiki database. What am I doing wrong with my rule.

    Read the article

  • Jetty 7 will not allow me to customize a session cookie path

    - by Bob Obringer
    Using Jetty 7.0.2, I am unable to set a custom session cookie path. I am hosting multiple sites on the same server using apache to proxy requests to the proper context. (replaced http as htp as stackoverflow thinks my multiple links might be spam) <VirtualHost *:80> ServerName context.domain.com ProxyRequests On ProxyPreserveHost Off <Proxy *:80> Order deny,allow Allow from 127.0.0.1 </Proxy> ProxyPass / htp://localhost:8080/context/ ProxyPassReverse / htp://localhost:8080/context/ <Location /> Order allow,deny Allow from all </Location> </VirtualHost> Jetty is running on the same server on port 8080 and my context is available @ /context The user accesses the application @ htp://context.domain.com but jetty is setting the path for the session cookie @ /context. This prevents the browser from accessing the cookie since the the actual path to the context is not being used. I need to override Jetty's default setting to set the cookie for the context, and set the path at the root ( / ). In my Jetty's webdefault.xml I have the following, which is partially working: <context-param> <param-name>org.eclipse.jetty.servlet.SessionCookie</param-name> <param-value>CustomCookieName</param-value> </context-param> <context-param> <param-name>org.eclipse.jetty.servlet.SessionPath</param-name> <param-value>/</param-value> </context-param> The cookie is properly set with a custom name, but it is NOT setting the SessionPath. No matter what I set the value to... it refuses to set a cookie at any path but /context. This has been driving me crazy so any help would be greatly appreciated.

    Read the article

  • Do most shared hosts handle gzipped files?

    - by Matrym
    I get them theoretically, but I'm grappling with gzipping files in practice. How should I go about gzip compressing my files, and what needs to be done in order to use them on a shared host? Would the following work? RewriteEngine On RewriteBase / RewriteCond %{HTTP:Accept-Encoding} .*gzip.* RewriteRule ^/(.*)\.js$ /$1.js.gz [L] RewriteRule ^/(.*)\.css$ /$1.css.gz [L] AddEncoding x-gzip text.gz

    Read the article

  • Block (or only allow certian) incoming IP addresses on Verizon FIOS Actiontec Router

    - by jmlumpkin
    I opened a few ports to the outside of my home network so I can get into a few of my machines from outside. When checking some logs, I noticed that I was getting scanned on some ports from various other countries. I already moved my port forward to a non-standard port. I would like to be able to block specific IP's (or even subnets) from my Verizon FIOS router. There is a little bit of documentation online, but I can't find anything specific on how to do this. To start, I just want to block a specific IP. But if it is not to hard, I would also like to know how to possibly block a range of IPs. And with the inverse of this - is there a way to allow only certain IPs or range?

    Read the article

  • configuring linux server firewall to allow acces on a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm new to linux server. I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • configuring linux server firewall to allow acces on a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm not sure if this is the right place to ask this but I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • iptables, allow access from certain MAC addresses

    - by user788171
    Presently, I limit which clients can access my server by using IP addresses via iptables, only approved IP addresses can connect. However, the problem with this is if a client is on a laptop and goes to a different location, they can no longer connect because the IP has changed. For a variety of reasons, iptables authentication is the only option I have. Is there a way to restrict access by device instead of ip address. For instance, only allow certain MAC address to connect to port 5000. Is it possible to do this via iptables? Note, the computers are not on the same network, they could be connecting from anywhere in the world.

    Read the article

  • Allow connection to certain port from specified domain

    - by Scott
    I got two domains, which are pointing on the same IP address, I can use both to connect to the server or certain port (TeamSpeak), the problem is that I would like the only one domain from those two to be working while connecting to a certain port. Eg. example.com points at the 11.22.33.44 -- allow connection to the certain port from this domain. sample.com points at the 11.22.33.44 -- disallow connection to the port specified above from this domain. I know this would be possible for the IP addresses, but would it be possible for the domains?

    Read the article

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >