Search Results

Search found 1466 results on 59 pages for 'authenticate'.

Page 28/59 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

• Sql Server 2008, Active Directory Groups, and Failed Logins

  - by Ryan Michela

  I keep getting a Login Failed error in my ASP.net application when connecting to my SQL Server 2008 database. I am trying to login with the user domain\foo. When I grant a database login (server and database level) for domain\foo, my application can connect. When I put domain\foo in a group called domain/goo and give domain\goo a database login, the user domain\foo cannot authenticate. This does not make any sense. Am I doing something wrong? domain\foo and domain\goo are configured identically. The only difference is that on is a user and one is a group containing a user. Adding active directory groups as users to SQL Server 2008 is supposed to work.

  Read the article

• 8021x wireless clients auto connect prior to user login

  - by JohnyV

  I am using a 2008 r2 dc that also performs Radius (NPS), I also have a 2008 r2 certificate authority which is giving out certificates. The computers are getting the certificate and when a user logs into the device (that has previously logged in) gets put on the correct VLAN (according to there user access). However I cant get the computers to join the wireless network prior to logging in, so that they can log in with their domain accounts and authenticate through the wireless. The basic setup is Computer gets group policy which tells it to get a certificate the computer then has a seperate vlan to join just as a computer account however the wireless computer wont connect through that vlan. (this vlan allows login information only then once the users credentials are verified it puts them onto another VLAN). So I am trying to work out why the notebook wont auto connect to the wireless network as a computer. Thanks

  Read the article

• KMS / Office 2010... please point to documentation.

  - by TomTom

  Trying to find out how to "modify" KMS to also accept the Office 2010 KMS key. Can anyone point me to some document about this? Basically - do I have to install an update to KMS? I wand my KMS server to authenticate both, Windows (It currently has a DataCenter R2 KMS key installed) as well as Office 2010. Keys are available ;) I can not imagine I just ptu it in - would this not overwrite the DataCenter key? I tried the MSDN website, but there is no clear document visible for my question.

  Read the article

• Apache can't connect to LDAP server

  - by jldugger

  I'm tying SVN to LDAPS by way of Apache. I've run openssl s_client --host $host --port 636 and received an SSL certificate, so it doesn't appear to be a firewall problem. I get the following warning: [Fri Apr 02 07:38:15 2010] [warn] [client <ip withheld>] [590] auth_ldap authenticate: user jldugger authentication failed; URI /internal-svn [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server] "Can't contact LDAP server" is somewhere between vague and wrong. I'm at a loss on how to continue debugging this. Ideas?

  Read the article

• Setting up SVN+SSH for multiple users through one local user.

  - by Warlax

  Hi, I need to make our SVN repository accessible through the firewall - but without creating a local user for each potential external user. Instead, I would like to set-up SVN+SSH to route all external users through a single local user name. We would like each external user to authenticate with SSH the regular way but then treat their instance of svnserve as if they're all that single local user and possibly, control what parts of the repository each external user can access. I know that I will need to set my svnserve config according to the official guide. I tried, but the instructions are fuzzy and I am relatively a Linux n00b. What exactly are the steps to proceed? and how would you go about testing this? Thanks for your help.

  Read the article

• OSX Server 3, Mac clients binding to OD and Profile Manager failing

  - by dbf

  I've made a setup containing a Mac Mini with OSX Server 3 (Mavericks 10.9.2) using Open Directory and Profile Manager (Mail, etc all set up and working). Now the thing is, internally on the local network, everything works great. Clients can bind to the OD and the users are able to login. I can install trust and settings profiles (either custom or group profiles) and all services in the profiles mentioned are being configured correctly. I can log in and out, hump around and do it a 100 times on different macs with different users, it works. My goal is to make this service publicly. The domain is with a FQDN which I own, for simplicity let's say server.domain.com. Now the only way for me to bind the clients to the OD is using LDAP mapping RCF2307 (without SSL) and a DN suffix of dc=server,dc=domain,dc=com using the Directory Utility. The options from server, or open directory will throw several errors like Connection failed to node '/LDAPv3/server.domain.com (2100). First of all I don't really understand the problem why clients can't bind to the OD like it does locally, with and without SSL (all ports are open, literally all ports are open, not just 389,636 and 1640, wasn't sure if I was missing any). When the clients are using LDAP mapping RFC2307 to bind (without SSL only), clients are able to authenticate, login and even load the Trust profile. But every Settings profile will fail with a Debug Message: Unable to find GUID in user record OD or fail to install saying missing user identification. Is there any way to get this to work without RFC2307? Because there is quite some stuff missing when using RFC2307 and not pull the mapping from the server or use open directory. Is this setup even possible? Or should I use VPN to authenticate with the OD? The network setup is a Modem/Router (DHCP off) with WAN NATted to an Airport Extreme (Using DHCP+NAT). The AE does notify with a double NAT message but I haven't had any problems with it on any other service. So WAN - 192.168.2.220 (static), AE - 10.0.1.* (dhcp) Output of DIG from the outside using dig server.domain.com ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;server.domain.com. IN A ;; ANSWER SECTION: server.domain.com. 77 IN A 91.50.*.* (valid WAN IP) ;; SERVER 172.*.*.1#53(172.*.*.1) (iPhone) DIG locally from a client and server (same output) ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;server.domain.com. IN A ;; ANSWER SECTION: server.domain.com. 10800 IN A 10.0.1.11 ;; AUTHORITY SECTION: server.domain.com. 10800 IN NS domain.com. (used for email send in relay) server.domain.com. 10800 IN NS server.domain.com. ;; SERVER 10.0.1.11#53(10.0.1.11) Are there any things I should check? Only have OSX. -- double NAT issue, plugged in the server directly on the Modem/Router with a static IP and issue remains. Guess that rules out the double NAT thing. -- changeip -checkhostname comes with There is nothing to change, e.g. success. Primary address = 10.0.1.11 Current HostName = server.domain.com DNS HostName = server.domain.com For now, I've made a workaround by using an admin account that forces a permanent VPN connection on boot. That means before it comes to the login, a connection is already made or underway. I will continue this post when I have more time, also locating all the necessary .log files of each application involved. I have some suspicions but have to debug a bit more when I have more time on my hands .. Unless, of course, I get sidetracked with having a life. Which is arguably not very likely. krypted.com

  Read the article

• Developer Laptop with SQL Server 2008 can't login to SSIS when offsite

  - by wizlb

  When I bring my Windows XP (SP3) laptop home I can still login as my domain account because Windows caches the info necessary to authenticate me when the domain controller isn't around. However, when I try to connect to Integration Services from within SQL Server Management Studio, it generates SSPI context errors. The only way it works is if I connect to the office with VPN or if I'm at the office where the domain controller is. I have both SQL Server Agent and SQL Server Integration Services 10 running under local computer accounts. It seems that the only option to connect to Integration Services from within Management Studio is to use Window authentication. Is there any way to do this when I'm not connected to the office? Why don't these services use the cached info just like Windows Login? Thanks.

  Read the article

• Can't send emails through sendmail, error occured

  - by skomak

  Hi, I have sendmail MTA and i use pear:Mail class to send mails through remote sendmail server. Everything was fine till yesterday. Probably nothing changes was made in configs. At maillog i can see: May 6 12:58:55 xxx sendmail[25903]: STARTTLS=server, relay=hostxxxx.static.xx.xx.pl [85.x.x.x], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256 May 6 12:58:56 xxx sendmail[25903]: o46AwtqE025903: hostxxxx.static.xx.xx.pl [85.x.x.x] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA2 and in /var/log/messages: May 6 13:00:17 lilia sendmail[27193]: realm changed: authentication aborted I use ldap to authenticate users but i used the same script to check mailing on another server and it works there good, only this server behave weird. Packets are deliverd to sendmail server i can see it in tcpdump, but there is smaller packets than on other server which sends emails. Could you tell me how can i check what is wrong with that? D.S.

  Read the article

• Freeware Local Proxy for Proxy Chaining with HTTPAUTH

  - by pepoluan

  I am looking for a freeware local proxy to perform proxy-chaining with HTTPAUTH. To explain my situation: In my workplace I am forced to keep switching between several internet-connected apps, and thus everytime I have to type in the credentials (or, at least, click on 'OK' to send my previously-saved credential). To make matters more annoying, the proxy login times out every 30 minutes, requiring me to lather-rinse-repeat the whole annoyance. I'd like to just point them all to a locally installed proxy which will on its own perform the required HTTPAUTH against the corporate proxy. I've tried Cntlm, but it always fail to authenticate (and according to this thread, that is due to the proxy using HTTPAUTH which is not supported by Cntlm) Any suggestions? ETA: I found Polipo, but it's kinda wonky on Windows. Especially if I visit a new URL, and the DNS server is a bit slow, then Polipo will simply drop/refuse the connection. And I have to put my password in plaintext. If there's a better suggestion, I'm all ears.

  Read the article

• How does one guarantee a remote client the same local IP address every time when connecting to a VPN?

  - by Joe Carroll

  I need to configure a VPN for secure remote access to a PACS serving DICOM radiological images. The DICOM standard requires that any clients accessing the PACS must be using a fixed IP address that is pre-registered in PACS. I haven't implemented this solution before and would appreciate any guidance. I believe it should be possible to use RADIUS on the server to authenticate users connecting to the VPN and with it assign each user their own specific local subnet IP address, which would be registered with the PACS. The server runs Windows Server 2003 R2 Enterprise Edition SP2 and the VPN device is a FortiGate 60C. The What would be the best and/or simplest way to set this up?

  Read the article

• Share files from Windows XP to Mac Snow Leopard

  - by sympleko

  Hi, I have a Windows XP desktop and a MacBook Pro on my home network. I would like to mount my "home directory" (My Documents, or whatever they call it in Windows) onto my MacBook's filesystem. So far I have been able to do this with the Shared Documents folder, using the excellent howto at Maclive. But I'd like to be able to authenticate using my Windows XP username and password, and access my files remotely without exposing them to everyone on the nextwork. Any clues or good links?

  Read the article

• LDAP (slapd) creating users with access to specific trees

  - by Josh

  I am setting up a CentOS server with Virtualmin and Postfix, and I am trying to use LDAP to store unix users, groups, Postfix aliases and virtual domains. I am following the instructions from Webmin's site. I have created an LDAP domain and configured Postfix to fetch Aliases and Virtual Domains from LDAP, but in order to do so I had to configure postfix to authenticate with the master LDAP account, cn=Manager,dc=mydomain,dc=com. This seems like a terrible idea because that account has access to the Users and Groups, which postfix does not need access to. How can I create a new LDAP account for Postfix which only has access to the LDAP trees Postfix needs?

  Read the article

• What could cause Citrix Xenapp to stop streaming applications after the server's IP address changed?

  - by Ken Pespisa

  We have a Citrix XenApp 5.0 server running on Windows 2008, and today we moved ISPs so our IP addresses changed. The IP addresses have propagated, the XenApp server is running, and internally we can connect to the server, choose an app, and have it streamed without issue. Externally we are only able to authenticate to the server and choose an app, but the app never launches in the client. I'm guessing there's a hand-off between the part of XenApp that authenticates a user and shows what apps they can launch, and the part that does the app streaming, and that second part is hard-coded to use an the old ip address. Any ideas why this could be happening?

  Read the article

• Can a malicious hacker share Linux distributions which trust bad root certificates?

  - by iamrohitbanga

  Suppose a hacker launches a new Linux distro with firefox provided with it. Now a browser contains the certificates of the root certification authorities of PKI. Because firefox is a free browser anyone can package it with fake root certificates. Thus a fake root certificate would contain a the certification authority that is not actually certified. Can this be used to authenticate some websites. How? Many existing linux distros are mirrored by people. They can easily package software containing certificates that can lead to such attacks. Is the above possible? Has such an attack taken place before?

  Read the article

• How to create chroot jail with ability to change some system settings

  - by Tadeck

  How to properly create chroot jail (on Ubuntu, or some some other Linux if not applicable) to make user able to edit system settings (eg. with ifconfig) and be able to communicate with external scripts? The use case would be to enable user to authenticate using SSH and then be able to perform very limited set of actions from command line. Unfortunately the tricky part is the access to system settings. I have considered multiple options and the alternative is to setup fake SSH server (eg. with Twisted), try to use restricted shell (however, I seem to need chroot still), or write a script on top of the shell (?).

  Read the article

• kinit gives me a Kerberos ticket, but no AFS token

  - by Tomas Lycken

  I'm trying to setup access to my university's IT environment from my laptop running Ubuntu 12.04, by (mostly) following the IT-department's guides on AFS and Kerberos. I can get AFS working well enough so that I can navigate to my home folder (located in the nada.kth.se cell of AFS), and I can get Kerberos working well enough to forward tickets and authenticate me when I connect with ssh. However, I don't seem to get any AFS tokens locally, on my machine, so I can't just go to /afs/nada.kth.se/.../folder/file.txt on my machine and edit it. I can't even stand in /afs/nada.kth.se/.../folder and run ls without getting Permission denied errors. Why doesn't kinit -f [email protected] give me an AFS token? What do I need to do to get one?

  Read the article

• Can I rely on S3 to keep my data secure?

  - by Jamie Hale

  I want to back up sensitive personal data to S3 via an rsync-style interface. I'm currently using s3cmd - a great tool - but it doesn't yet support encrypted syncs. This means that while my data is encrypted (via SSL) during transfer, it's stored on their end unencrypted. I want to know if this is a big deal. The S3 FAQ says "Amazon S3 uses proven cryptographic methods to authenticate users... If you would like extra security, there is no restriction on encrypting your data before storing it in Amazon S3." Why would I like extra security? Is there some way my buckets could be opened to prying eyes without my knowing? Or are they just trying to save you when you accidentally change your ACLs and make your buckets world-readable?

  Read the article

• Manually accessing GMail via IMAP

  - by Jeff Mc

  I'm trying to connect to gmail imap, but I am unable to execute any commands after login. I'm running openssl s_client -connect imap.gmail.com:993 to connect then, * OK Gimap ready for requests from 128.146.221.118 42if6514983iwn.40 . CAPABILITY * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA XLIST CHILDREN XYZZY SASL-IR AUTH=XOAUTH . OK Thats all she wrote! 42if6514983iwn.40 . LOGIN {email removed} {password removed} * CAPABILITY IMAP4rev1 UNSELECT LITERAL+ IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE . OK {email removed} authenticated (Success) . CAPABILITY at which point it simply hangs with the connection open. I'm guessing gmail pushes you off to a node in a cluster after it authenticate me?

  Read the article

• Can't connect to domain computers until reboot

  - by thealliedhacker

  I have a domain with about 300 Windows 7 and XP machines, with the domain controllers running Server 2003. Sometimes, I lose the ability to communicate/authenticate with some of the machines until I reboot my computer. This also happens from other computers and regardless of user account and operating system. In other words, say I'm on ComputerA, and I can't connect to ComputerX. I can go to ComputerB and connect to ComputerX, but ComputerB may not be able to connect to ComputerY. If you reboot ComputerA, then it will be able to connect to ComputerX again. Here are some messages from various utilities: sc: [SC] OpenSCManager FAILED 1722: The RPC server is unavailable. mmc (compmgmt.msc): Computer (computer name) cannot be managed. The network path was not found. explorer (\\computer): Windows cannot access \\(computer name). ping: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss) / Average = 1ms

  Read the article

• Chef bootstrap giving 401 unauthorized

  - by loddy1234

  I'm trying to bootstrap a new chef node by running: knife bootstrap <server ip> -x lewis -N gitlab --sudo But I get the following output: [Mon, 03 Sep 2012 14:45:17 +0000] INFO: *** Chef 10.12.0 *** [Mon, 03 Sep 2012 14:45:17 +0000] INFO: Client key /etc/chef/client.pem is not present - registering [Mon, 03 Sep 2012 14:45:17 +0000] INFO: HTTP Request Returned 401 Unauthorized: Failed to authenticate. Ensure that your client key is valid. [Mon, 03 Sep 2012 14:45:17 +0000] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out [Mon, 03 Sep 2012 14:45:17 +0000] FATAL: Net::HTTPServerException: 401 "Unauthorized" My chef server is running Ubuntu 12.04 x32 and the machine I'm trying to bootstrap is running CentOS 6.3 x64 Any idea what's going wrong?

  Read the article

• FTP Issue when connecting to a debian machine from windows

  - by erin c

  I have a .net application which copies bunch of files to a specific FTP folder on a debian machine on periodical basis, ftp folder has 755 mod, owner of the directory is the ftp username that I authenticate in .net application. So far I tested this application with bunch of debian boxes, my initial attempts generally fail with following message if I try it with a debian machine that I haven't tried it before: "remote server returned an error 550 File unavailable" When I see this error, I log onto another debian machine on my network, and I try FTP'ing the debian box that returns the error message from command line. I generally "put" a very small file to the folder in question, right after that windows application starts copying files successfully via FTP. It is as if my command line ftp operation fixes the problem and makes debian compatible with my .net application. I checked permissions before and after the problem, it doesn't look like what I did changed anything, I am at loss understanding why this problem occurs and why it is fixed with my silly hack. Can anybody tell me where to look at next to fix this extremely annoying issue?

  Read the article

• Switches with 802.1x "supplicant timeout" feature?

  - by chris

  I'm looking for a complete list of switches which will allow 802.1x and normal (non-supplicant) enabled hosts to connect to the same ports on a switch. This is useful for areas where there are semi-open ports such as a lobby area or a library where corporate and guest users may use the same ports but you want them to have different access profiles and where it isn't expected that guests would have 802.1x configured on their system. For instance, Enterasys and Extreme Networks both have a feature where if the switch doesn't see an EAPOL packet from the client in a certain amount of time, it puts the port into a "guest" VLAN; if it sees an 802.1x supplicant, it tries to authenticate the user via 802.1x and if they succeed, it does what the radius server tells it to do with that port (IE put the port into a certain VLAN, apply certain ACLs, etc) Do other vendors have this sort of feature, or is it expected that a switch will do both 802.1x and MAC authentication, and the "supplicant timeout" feature is implemented with a blanket allow on the MAC authentication?

  Read the article

• Using both domain users and local users for Squid authentication?

  - by Massimo

  I'm working on a Squid proxy which needs to authenticate users against an Active Directory domain; this works fine, Samba was correctly set up and Squid authenticates users via ntlm_auth. Relevant lines in squid.conf: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on acl Authenticated proxy_auth REQUIRED http_access allow Authenticated http_access deny all Now, I need a way to allow access to users which don't have a domain account. I know I could create an "internet user" account in the domain, but this would allow access, although limited, to domain resources (file shares, etc.); I need something that will allow only Internet access. The ideal solution would be using a local account on the proxy server, either a Linux account or a Squid one; I know Squid supports this, but I'm unable to have it use both domain authentication and Squid/local authentication if domain auth is unsuccesful. Can this be done? How?

  Read the article

• Authenticating a Windows client to a Samba share

  - by hekevintran

  I have a Samba network share being served by a Linux machine. The share is read-only unless you give it a username and password. I want my Windows 7 client machine to connect to it. It appears that the Windows machine is connecting as a guest because it does not have write access. The Windows machine never asks me whether or not it should connect as a guest or with a username. How do I make the Windows machine authenticate? Where do I input my password? This seems like such a simple thing yet I am totally confused. On Mac OS and Linux, it simply asks you for a username.

  Read the article

• Sharepoint 2010 and Samba LDAP groups

  - by Jon Rhoades

  The setup: Windows 2008 SP2 Sharepoint 2010 Foundation Samba 3 "Domain" I'm trying to use the Samba LDAP users & groups we already have to access to Sharepoint. I can successfully authenticate using the Samaba accounts (getting the "Error: Access Denied" message as the user has no permissions). So Sharepoint can clearly see and use the existing accounts/groups. What I can't do is be authorised as in the grant permissions interface, Sharepoint now fails to match the account (I get an "No Exact match found..."). Is there a way of getting the Sharepoint permissions interface to recognise and use our existing Samba LDAP accounts? I get it - don't use Samaba, use AD. If I had that option I would, but I don't.

  Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >