Search Results

Search found 1466 results on 59 pages for 'authenticate'.

Page 26/59 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >

  • Squid, NTLM, Windows 7 and IE8

    - by Harley
    I'm running Squid 2.7-stable4, Samba 3 and the Windows 7 RC with IE8. I have NTLM authentication setup on my squid proxy server and it works fine for every combination of browser and Windows (including IE8 on XP and Firefox on Win7), but it doesn't work (keeps asking for authentication) for IE8 on Windows 7. I can get it to work using the LmCompatibilityLevel registry hack, but I'd really prefer to get it working on the server. Does anyone have any experience with this? Or know where to start looking? The samba logs don't reveal much. EDIT: Here's what the wb-MYDOMAIN log says when I attempt to authenticate: [2009/08/20 15:13:36, 4] nsswitch/winbindd_dual.c:fork_domain_child(1080) child daemon request 13 [2009/08/20 15:13:36, 10] nsswitch/winbindd_dual.c:child_process_request(478) process_request: request fn AUTH_CRAP [2009/08/20 15:13:36, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755) [ 4127]: pam auth crap domain: MYDOMAIN user: MYUSER [2009/08/20 15:13:36, 0] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1767) winbindd_pam_auth_crap: invalid password length 24/282 [2009/08/20 15:13:36, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931) NTLM CRAP authentication for user [MYDOMAIN]\[MYUSER] returned NT_STATUS_INVALID_PARAMETER (PAM: 4) [2009/08/20 15:13:36, 10] nsswitch/winbindd_cache.c:cache_store_response(2267) Storing response for pid 4547, len 3240

    Read the article

  • OpenVPN Error : TLS Error: local/remote TLS keys are out of sync: [AF_INET]

    - by Lucidity
    Fist off thanks for reading this, I appreciate any and all suggestions. I am having some serious problems reconnecting to my OpenVPN client using Riseup.net's VPN. I have spent a few days banging my head against the wall in attempts to set this up on my iOS devices....but that is a whole other issue. I was however able to set it up on my Mac OS X specifically on my Windows Vista 32 bit BootCamp VM with relatively little trouble. To originally connect I only had to modify the recommended Config file very slightly (Config file included at the end of this post): - I had to enter the code directly into my config file - And change "dev tap" to "dev tun" So I was connected. (Note - I did test to ensure the VPN was actually working after I originally connected, it was. Also verified the .pem file (inserted as the coding in my config file) for authenticity). I left the VPN running. My computer went to sleep. Today I went to use the internet expecting (possibly incorrectly - I am now unsure if I was wrong to leave it running) to still be connected to the VPN. However I saw immediately I was not. I went to reconnect. And was (am) unable to. My logs after attempting to connect (and getting a connection failed dialog box) show everything working as it should (as far as I can tell) until the end where I get the following lines: Mon Sep 23 21:07:49 2013 us=276809 Initialization Sequence Completed Mon Sep 23 21:07:49 2013 us=276809 MANAGEMENT: >STATE:1379995669,CONNECTED,SUCCESS, OMITTED Mon Sep 23 21:22:50 2013 us=390350 Authenticate/Decrypt packet error: packet HMAC authentication failed Mon Sep 23 21:23:39 2013 us=862180 TLS Error: local/remote TLS keys are out of sync: [AF_INET] VPN IP OMITTED [2] Mon Sep 23 21:23:57 2013 us=395183 Authenticate/Decrypt packet error: packet HMAC authentication failed Mon Sep 23 22:07:41 2013 us=296898 TLS: soft reset sec=0 bytes=513834601/0 pkts=708032/0 Mon Sep 23 22:07:41 2013 us=671299 VERIFY OK: depth=1, C=US, O=Riseup Networks, L=Seattle, ST=WA, CN=Riseup Networks, [email protected] Mon Sep 23 22:07:41 2013 us=671299 VERIFY OK: depth=0, C=US, O=Riseup Networks, L=Seattle, ST=WA, CN=vpn.riseup.net Mon Sep 23 22:07:46 2013 us=772508 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Sep 23 22:07:46 2013 us=772508 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Sep 23 22:07:46 2013 us=772508 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Sep 23 22:07:46 2013 us=772508 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Sep 23 22:07:46 2013 us=772508 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA So I have searched for a solution online and I have included what I have attempted below, however I fear (know) I am not knowledgeable enough in this area to fix this myself. I apologize in advance for my ignorance. I do tech support for a living, but not this kind of tech support unfortunately. Other notes and troubleshooting done - - Windows Firewall is disabled completely, as well as other Anti-virus programs - Tor is disabled completely - No Proxies running - Time is correct in all locations - Router Firmware is up to date - Able to connect to the internet and as far as I can tell all necessary ports are open. - No settings have been altered since I was able to connect successfully. - Ethernet as well as wifi connections attempted, resulted in same error. Also tried adding the following lines to my config file (without success or change in error): persist-key persist-tun proto tcp (after reading that this error generally occurs on UDP connections, and is extremely rare on TCP) resolv-retry infinite (thinking the connection may have timed out since the issues occurred after leaving VPN connected during about 10 hrs of computer in sleep mode) All attempts resulted in exact same error code included at the top of this post. The original suggestions I found online stated - (regarding the TLS Error) - This error should resolve itself within 60 seconds, or if not quit wait 120 seconds and try again. (Which isnt the case here...) (regarding the Out of Sync" error) - If you continue to get "out of sync" errors and the link does not come up, then it means that something is probably wrong with your config file. You must use either ping and ping-restart on both sides of the connection, or keepalive on the server side of a client/server connection, in order to gracefully recover from "local/remote TLS keys are out of sync" errors. I wouldn't be surprised if my config file is lacking, or not correct. However I can confirm I followed the instructions to a tee. And was able to connect originally (and have not modified my settings or config file since I was able to connect to when the error began occurring). I have a very simple config file: client dev tun tun-mtu 1500 remote vpn.riseup.net auth-user-pass ca RiseupCA.pem redirect-gateway verb 4 <ca> -----BEGIN CERTIFICATE----- [OMITTED] -----END CERTIFICATE----- </ca> I would really appreciate any help or suggestions. I am at a total loss here, I know I'm asking a lot here. Though I am a new user on this site I help others on many forums including Microsoft's support community and especially Apple's support communities, so I will definitely pass on anything I learn here to help others. Thanks so so so much in advance for reading this.

    Read the article

  • OpenLDAP and Samba, can't log onto Samba share from Windows

    - by Jakobud
    The former jackass IT-guy that I'm taking over for had a Samba share setup on a Fedora server that uses our OpenLDAP server to authenticate users who want to log in from Windows. We recently added a new employee and I jumped through the LDAP hoops to add them to the system. However, I can't seem to use their login to access the Samba share. I'm looking through the LDAP settings and Groups and comparing the new user account to existing ones, and I can't figure out what settings in LDAP are required for this user to be able to access the Samba share. Of course the former idiotic IT-guy didn't document a single thing and has all sorts of weird setups on the network. So I'm at a bit of a loss on knowing what to look for here. Where should I start? On the server that is hosting the Samba share, he has samba running obviously but also has smbldap-tools loaded as well.

    Read the article

  • Looking for a manual/how-to for installing a Canon iRunner 210s network printer

    - by Ssvarc
    A client has a Canon iRunner210S and is complaining about slow print speeds. I've searched for a install manual online but came up empty. A call to Canon technical referred me to their dealer network for service, as as informing me that there isn't a manual available on their website. Anyone know how to install these and/or have a link to a manual? The current setup has the printers on a LAN Manager printer port instead of on straight IP ports. Is this normal for this printer? And what exactly are Lan Manager ports (based on my research, they appear to be a way to authenticate a connection)?

    Read the article

  • How to install a Canon iRunner 210s

    - by Ssvarc
    A client has a Canon iRunner210S and is complaining about slow print speeds. I've searched for a install manual online but came up empty. A call to Canon technical referred me to their dealer network for service, as as informing me that there isn't a manual available on their website. Anyone know how to install these and/or have a link to a manual? The current setup has the printers on a LAN Manager printer port instead of on straight IP ports. Is this normal for this printer? And what exactly are Lan Manager ports (based on my research, they appear to be a way to authenticate a connection)?

    Read the article

  • Trust my work domain on a Dev Domain without a domain level password

    - by Vaccano
    I setup a virtual machine to host a dev version of TFS (to test plugins on). Getting a computer on my work domain requires large amounts of red tape and paperwork that I would rather not do. I created my own domain the the VM and I would like to trust all users from my work domain on that VM Domain. But when I tried to setup the trust I needed a password from my work domain (which I don't have). Am I trying to do something nefarious? I just want to be able to authenticate to my Test TFS (VM) Server as me (my login on my work domain). Is there a way to do that with out having to have a domain level password for my work domain? (My VM is a Windows Server 2008 R2 server)

    Read the article

  • SquidGuard and Active Directory groups

    - by Massimo
    I'm configuring a Linux proxy with Squid and SquidGuard to filter Internet traffic. I know how to authenticate users against Active Directory in Squid, and then how to filter access for users using SquidGuard. The question: how to use Active Directory groups in SquidGuard instead of plain user names? My goal is to be able to configure rules like "members of this group can go anywhere" or "members of this group can only visit certain sites". I know SquidGuard can't manage group membership directly, but it can do LDAP searches on its own; but the syntax to look up wheter a user is member of a given group seems to be quite cryptic, and I couldn't find any good documentation around.

    Read the article

  • Windows Service and Group Policy unable to access network share on Win2008 Domain

    - by Terence Johnson
    I have one computer on my domain that has suddenly stopped receiving software updates via group policy. Domain logins still work, and group policy on the machine is still being updated, so it knows that there are new packages to install and where to look for them, but every time it tries to install a package, it throws a 1622 error (location not found). Logged in users can reach the same network shares, and every other computer on network is installing the packages. Further investigation found that other services running as "System" on the problematic computer are also unable to authenticate to network shares. How do I diagnose/fix this computer's account in Active Directory? The computer account exists, and is a member of "Domain Computers" - or is there something else I should be looking at?

    Read the article

  • Trouble configuring firewall for FTP on Windows Server 2008 R2

    - by x3ro
    Ok, I'm having the exact same problem as in this question http://serverfault.com/questions/59635/outbound-ftp-on-server-2008-r2-stalls but the accepted answer didn't help me much... I followed the third step of this http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/ guide in order to configure my firewall for FTP, and I am able to authenticate, however, the data channel doesn't seem to be passing through the firewall. If I disable the firewall, everything works fine. Hope someone can help me, as this is really starting to annoy me. Best regards, x3ro

    Read the article

  • SSH: Two Factor Authentication

    - by Pierre
    I currently have a Ubuntu Server 12.04 running OpenSSH along with Samba and a few other services. At the current time I have public key authentication set up, and I'm wondering if it's possible to set up two factor authentication? I've been looking at Google Authenticator which I currently use with my Gmail account. I've found a PAM module that looks like it will be compatible however it seems that you are forced to use a password and the code generated. I'm wondering if there is a way to use the Google Authenticator Application (or something similar) along with my public key to authenticate into my SSH server?

    Read the article

  • Can I link proxy users from a single LDS instance to multiple domains?

    - by ixe013
    I have an Active Directory Lightweight Directory Services set up. I have objects that represent users in the Active Directory (Domain_A). I have set their objectSID attribute, and users can authenticate to LDS with their Active Directory password. I love it. I want to bring in new users, from a different Active Directory (Domain_B) that has not trust relationship whatsoever with the Active Directory from Domain_A. Is there a way to tell LDS in which domain to look for users or does it always look in the domain it is in, maybe by using another protocol than Kerberos ? +I figured out user provisionning, no need to mention it. Thanks !

    Read the article

  • SASL (Postfix) authentication with MySQL and Blowfish pre-encrypted passwords

    - by webo
    I have a Rails app with the Devise authentication gem running user registration and login. I want to use the db table that Devise populates when a user registers as the table that Postfix uses to authenticate users. The table has all the fields that Postfix may want for SASL authentication except that Devise encrypts the password using Blowfish before placing it in the database. How could I go about getting Postfix/SASL to decrypt those passwords so that the user can be authenticated properly? Devise salts the password so I'm not sure if that helps. Any suggestions? I'd likely want to do something similar with Dovecot or Courier, I'm not attached to one quite yet.

    Read the article

  • Kerberos SSO browser integration?

    - by MrZombie
    I'm installing a bunch of web apps for the office, and one of the wants would be Kerberos-managed SSO. Now, I have found some information on the matter, and I wondered, what browsers integrate Kerberos SSO? Of course I could just use the underlying web app to authenticate in case of lack of Kerberos capability, which is exactly the plan, but I'd like to know which browsers would work for that, so I can plan ahead and decide if it's even worth it to do that, which I believe it would considering that one of the web apps I'm implementing will be an ERP.

    Read the article

  • Best practice for authenticating DMZ against AD in LAN

    - by Sergei
    We have few customer facing servers in DMZ that also have user accounts , all accounts are in shadow password file. I am trying to consolidate user logons and thinking about letting LAN users to authenticate against Active Directory.Services needing authentication are Apache, Proftpd and ssh. After consulting security team I have setup authentication DMZ that has LDAPS proxy that in turn contacts another LDAPS proxy (proxy2) in LAN and this one passes authentication info via LDAP (as LDAP bind) to AD controller.Second LDAP proxy only needed because AD server refuses speak TLS with our secure LDAP implemetation. This works for Apache using appropriate module.At a later stage I may try to move customer accounts from servers to LDAP proxy so they are not scattered around servers. For SSH I joined proxy2 to Windows domain so users can logon using their windows credentials.Then I created ssh keys and copied them to DMZ servers using ssh-copy, to enable passwordless logon once users are authenticated. Is this a good way to implement this kind of SSO?Did I miss any security issues here or maybe there is a better way ofachieving my goal?

    Read the article

  • Can I issue wireless clients with IP address on different subnet?

    - by Beanz
    We have a very standard setup with a Windows Server 2003 domain controller issuing IP addresses using DHCP. This works fine. Internet access is managed via Microsoft ISA Server 2006 Standard. Clients are required to authenticate and this works fine. We now need to provide wireless internet access to visitors for laptops, iPhones etc. We've bought a couple of Netgear access points so I was thinking we might be able to issue wireless clients connected to it with an IP address on a different subnet and then allow non-authenticated Internet access via the ISA Server for that IP range. Does that sound plausible? I'm not even sure if I can issue a different subnet to wireless clients.

    Read the article

  • Use alternative Active Directory server to gain administrative privileges

    - by Sharuzzaman Ahmat Raslan
    I have this idea, just want to see if it is implementable or not. Let say I have my office laptop, with no administrator privileges, using example domain ASDF Can I set at my home, another AD server (Microsoft or Samba 4), that have the same domain ASDF as my office laptop. Then I set an administrative user in my own AD server. Theoretically, is it possible to authenticate my office laptop with my own AD? If the above is possible, theoretically, is it possible to gain administrative privileges also with this setup? Thanks.

    Read the article

  • Using LDAP to store customer data

    - by mechcow
    We wish to store some data in 389 Directory Server LDAP that doesn't fit that well into the standard set of schema's that come with the product. Nothing too amazing, things like: when the customer joined are they currently active customer certificate[1] which environment they are using My question is this: should we register with OID and start writing up our own custom schema OR is there a standard schema definition not provided by Directory Server that we can download and use that would fit our needs? Should we munge/hack existing attributes and store the data among there (I'm strongly opposed to this, but would be interested in arguments about why its better than extending)? [1] I know there is a field for this userCertificate but we don't want to use it to authenticate the user for the purposes of binding Using CentOS 5.5 with 389 Directory Server 8.1

    Read the article

  • How should clients handle HTTP 401 with unknown authentication schemes?

    - by user113215
    What is the proper behavior for an HTTP client receiving a 401 Unauthorized response that specifies only unrecognized authentication schemes? My server supports Kerberos authentication using WWW-Authenticate: Negotiate. On the first request, the server sends a 401 Unauthorized response with a body containing an HTML document. The behavior that I expect is for clients that support Kerberos to perform that authentication and for other clients to simply display the HTML document (a login form). It seems that most of the "other clients" I've encountered do work this way, but a few do not. I haven't found anything that mandates any particular behavior in this situation. There's a brief mention in RFC 2617: HTTP Authentication: Basic and Digest Access Authentication, but is there anything more concrete? It is possible that a server may want to require Digest as its authentication method, even if the server does not know that the client supports it. A client is encouraged to fail gracefully if the server specifies only authentication schemes it cannot handle.

    Read the article

  • OS X SMB Connection to Windows Server 2008 R2

    - by Tawm
    I support many Macs that connect to an SMB share on a Windows Server 2008 R2 box. Occasionally I find that the Mac will try to connect and fail. The connection process will skip asking for credentials and there are none stored in keychain's password section. The server logs will show that the user tried to authenticate with invalid credentials. There are also no lingering connections from the server's point of view. The work around that I've found is to use an invalid username or a username that isn't the user's in the connection string for SMB so smb://domain;user@server/share instead of 'smb://server/share' this will force it to use the username I specified which the client doesn't have anything stored for. So it will then pop up the login window where the user changes the username to the correct one and user her password to connect happily. Specific computer in question: 15" MBP running Snow Leopard (10.6.7 or 10.6.8)

    Read the article

  • Win Server 2008 force kerberos setting

    - by ftiaronsem
    I am currently facing the problem that a linux machine running Ubuntu 10.04 LTS with samba and winbindd installed is unable to join a Domain, that is managed by a Windows 2008 DC. The linux config, is probably alright, since I have successfully used it at multiple sites, running 2008 as well as 2003 DCs. The error I get ("libads/kerberos.c: Join to domain is not valid. Client credentials have been revoked"), indicates that there is a kerberos problem. Normally the linux box is supposed to authenticate via NTLM and is configured that way. The only reason I can image why it tries kerberos is that the DC is forcing it. Do you know whether there is any setting in the security policies of a window 2008 server, that would completely block NTLM, forcing kerberos? If so, where can I find this setting?

    Read the article

  • IIS 7.5 - Remove the pipe character from usernames for virtual hosts

    - by glasnt
    Currently I have a setup with a virtual FTP site in IIS 7.5 that requires the following authentication details for the anonymous account: Host: ftp.mydomain.com User: ftp.mydomain.com|anonymous Pass: <none> I have multiple FTP accounts setup on this same server. I know that this means I need to specify the domain in the username to let IIS know what I need site to authenticate against, but is it possible to make the username only be anonymous? Would I have to create a user by that name in the windows users and groups area to be and specifically link it there?

    Read the article

  • Smart card authentication to a Cisco switch?

    - by murisonc
    We have our Cisco network devices configured to authenticate network administrators using their domain accounts via RADIUS running on a Windows 2008R2 server with the network protection role. This works great for logging into the switch via SSH when configuring the devices. We are now in the beginning stages of deploying smart cards for logins. Does anyone know of a way to login to a Cisco switch using a smart card instead of a domain username and password? The SSH client we are using is Putty. Workstations are Windows 7. RADIUS is running on Windows 2008R2. We are running our own certificate authority on Windows 2008; network is not connected to the Internet. We prefer to not have to purchase additional proprietary devices for this functionality.

    Read the article

  • Can't login to just installed view administrator

    - by matarvai81
    Hi, we are starting to test View for our purposes. I have created new test enviroment, new vdidemo active directory, new virtual center etc... I just installed view connection server component to new server and trying to do initial configuration, but when trying to log in I get following error " Error accessing the View Administrator. Contact the system administrator" Log file says following error 08:14:08,925 INFO LoginBean User administrator has failed to authenticate to View Administrator What is causing this problem? How can I log in and start to test VDI?

    Read the article

  • Firewall Authentication - logon failed

    - by RoseofPurple
    I am attempting to use a Watchguard firebox 550e with Fireware XTM 11 to authenticate incoming traffic for RDP access. I have configured the firewall to use my domain controller for Active directory authentication with a Windows 2000 server farm and added a couple of user accounts to the users list in the firewall, but when I attempt to log onto the authentication page for the firewall, I get Logon failed. I know that the user names work and that the passwords are correct. I am also certain that I have told it to log on using Active Directory instead of the FireboxDB. I have tried using the username alone, the domain\username, and the email address. I believe that the Search base is correct (DC=mydomainname,DC=com), and I did not change any defaults for sAMAccountName (and I do not recall making any changes to those items when configuring the domain structure). Any assistance would be appreciated.

    Read the article

  • Teamcity nuget feed http authentication

    - by Mihalis Bagos
    Nuget feed by team city is working perfectly but there is a strange problem. Local IP (http://192.168.xx.xx:9999/feed/../): Listing through browser works Accessing packages through Visual studio 11 nuget works VPN IP (http://55.xx.xx.xx:9999/feed/../): Listing packages through browser works Accessing packages through Visual studio 11 nuget PROBLEM GUEST Account: Everything works fine, both on VPN and local IP (so its purely an authentication problem) The problem is, we can't get the user to authenticate. Using the same credentials, no matter what we try we get 401. The server VPN ip is whitelisted in internet explorer intranet settings. Any ideas? Basically HTTP authentication is failing for the VPN although it shouldn't, since the browser works fine!

    Read the article

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >