Search Results

Search found 21360 results on 855 pages for 'domain controller'.

Page 294/855 | < Previous Page | 290 291 292 293 294 295 296 297 298 299 300 301  | Next Page >

• Cisco ASA: Allowing and Denying VPN Access based on membership to an AD group

  - by milkandtang

  I have a Cisco ASA 5505 connecting to an Active Directory server for VPN authentication. Usually we'd restrict this to a particular OU, but in this case users which need access are spread across multiple OUs. So, I'd like to use a group to specify which users have remote access. I've created the group and added the users, but I'm having trouble figuring out how to deny users which aren't in that group. Right now, if someone connects they get assigned the correct group policy "companynamera" if they are in that group, so the LDAP mapping is working. However, users who are not in that group still authenticate fine, and their group policy becomes the LDAP path of their first group, i.e. CN=Domain Users,CN=Users,DC=example,DC=com, and then are still allowed access. How do I add a filter so that I can map everything that isn't "companynamera" to no access? Config I'm using (with some stuff such as ACLs and mappings removed, since they are just noise here): gateway# show run : Saved : ASA Version 8.2(1) ! hostname gateway domain-name corp.company-name.com enable password gDZcqZ.aUC9ML0jK encrypted passwd gDZcqZ.aUC9ML0jK encrypted names name 192.168.0.2 dc5 description FTP Server name 192.168.0.5 dc2 description Everything server name 192.168.0.6 dc4 description File Server name 192.168.0.7 ts1 description Light Use Terminal Server name 192.168.0.8 ts2 description Heavy Use Terminal Server name 4.4.4.82 primary-frontier name 5.5.5.26 primary-eschelon name 172.21.18.5 dmz1 description Kerio Mail Server and FTP Server name 4.4.4.84 ts-frontier name 4.4.4.85 vpn-frontier name 5.5.5.28 ts-eschelon name 5.5.5.29 vpn-eschelon name 5.5.5.27 email-eschelon name 4.4.4.83 guest-frontier name 4.4.4.86 email-frontier dns-guard ! interface Vlan1 nameif inside security-level 100 ip address 192.168.0.254 255.255.255.0 ! interface Vlan2 description Frontier FiOS nameif outside security-level 0 ip address primary-frontier 255.255.255.0 ! interface Vlan3 description Eschelon T1 nameif backup security-level 0 ip address primary-eschelon 255.255.255.248 ! interface Vlan4 nameif dmz security-level 50 ip address 172.21.18.254 255.255.255.0 ! interface Vlan5 nameif guest security-level 25 ip address 172.21.19.254 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 switchport access vlan 3 ! interface Ethernet0/2 switchport access vlan 4 ! interface Ethernet0/3 switchport access vlan 5 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive clock timezone PST -8 clock summer-time PDT recurring dns domain-lookup inside dns server-group DefaultDNS name-server dc2 domain-name corp.company-name.com same-security-traffic permit intra-interface access-list companyname_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0 access-list companyname_splitTunnelAcl standard permit 172.21.18.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 172.21.20.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 172.21.18.0 255.255.255.0 access-list bypassingnat_dmz extended permit ip 172.21.18.0 255.255.255.0 192.168.0.0 255.255.255.0 pager lines 24 logging enable logging buffer-size 12288 logging buffered warnings logging asdm notifications mtu inside 1500 mtu outside 1500 mtu backup 1500 mtu dmz 1500 mtu guest 1500 ip local pool VPNpool 172.21.20.50-172.21.20.59 mask 255.255.255.0 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 global (outside) 1 interface global (outside) 2 email-frontier global (outside) 3 guest-frontier global (backup) 1 interface global (dmz) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 2 dc5 255.255.255.255 nat (inside) 1 192.168.0.0 255.255.255.0 nat (dmz) 0 access-list bypassingnat_dmz nat (dmz) 2 dmz1 255.255.255.255 nat (dmz) 1 172.21.18.0 255.255.255.0 access-group outside_access_in in interface outside access-group dmz_access_in in interface dmz route outside 0.0.0.0 0.0.0.0 4.4.4.1 1 track 1 route backup 0.0.0.0 0.0.0.0 5.5.5.25 254 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 ldap attribute-map RemoteAccessMap map-name memberOf IETF-Radius-Class map-value memberOf CN=RemoteAccess,CN=Users,DC=corp,DC=company-name,DC=com companynamera dynamic-access-policy-record DfltAccessPolicy aaa-server ActiveDirectory protocol ldap aaa-server ActiveDirectory (inside) host dc2 ldap-base-dn dc=corp,dc=company-name,dc=com ldap-scope subtree ldap-login-password * ldap-login-dn cn=administrator,ou=Admins,dc=corp,dc=company-name,dc=com server-type microsoft aaa-server ADRemoteAccess protocol ldap aaa-server ADRemoteAccess (inside) host dc2 ldap-base-dn dc=corp,dc=company-name,dc=com ldap-scope subtree ldap-login-password * ldap-login-dn cn=administrator,ou=Admins,dc=corp,dc=company-name,dc=com server-type microsoft ldap-attribute-map RemoteAccessMap aaa authentication enable console LOCAL aaa authentication ssh console LOCAL http server enable http 192.168.0.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart sla monitor 123 type echo protocol ipIcmpEcho 4.4.4.1 interface outside num-packets 3 frequency 10 sla monitor schedule 123 life forever start-time now crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set pfs crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 ! track 1 rtr 123 reachability telnet timeout 5 ssh 192.168.0.0 255.255.255.0 inside ssh timeout 5 ssh version 2 console timeout 0 management-access inside dhcpd auto_config outside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn group-policy companynamera internal group-policy companynamera attributes wins-server value 192.168.0.5 dns-server value 192.168.0.5 vpn-tunnel-protocol IPSec password-storage enable split-tunnel-policy tunnelspecified split-tunnel-network-list value companyname_splitTunnelAcl default-domain value corp.company-name.com split-dns value corp.company-name.com group-policy companyname internal group-policy companyname attributes wins-server value 192.168.0.5 dns-server value 192.168.0.5 vpn-tunnel-protocol IPSec password-storage enable split-tunnel-policy tunnelspecified split-tunnel-network-list value companyname_splitTunnelAcl default-domain value corp.company-name.com split-dns value corp.company-name.com username admin password IhpSqtN210ZsNaH. encrypted privilege 15 tunnel-group companyname type remote-access tunnel-group companyname general-attributes address-pool VPNpool authentication-server-group ActiveDirectory LOCAL default-group-policy companyname tunnel-group companyname ipsec-attributes pre-shared-key * tunnel-group companynamera type remote-access tunnel-group companynamera general-attributes address-pool VPNpool authentication-server-group ADRemoteAccess LOCAL default-group-policy companynamera tunnel-group companynamera ipsec-attributes pre-shared-key * ! class-map type inspect ftp match-all ftp-inspection-map class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect ftp ftp-inspection-map parameters class ftp-inspection-map policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns migrated_dns_map_1 inspect ftp inspect h323 h225 inspect h323 ras inspect http inspect ils inspect netbios inspect rsh inspect rtsp inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp inspect icmp error inspect esmtp inspect pptp ! service-policy global_policy global prompt hostname context Cryptochecksum:487525494a81c8176046fec475d17efe : end gateway# Thanks so much!

  Read the article

• Protecting DNS entries from duplicate hostnames entering network

  - by Aszurom

  Given a Windows domain, with DNS provided by a server on that domain, I am curious about what happens if a guest joins the network attempting to use the same hostname as an existing server, and then tries to register that hostname in DNS with its DHCP address. Can this potentially be disruptive to the server, or is Windows DNS smart enough to spot a duplicate hostname and deny an auto-register request from that host? What actions can be taken to ensure that DNS for a hostname cannot be altered?

  Read the article

• Configuring DNS on my Amazon AWS [closed]

  - by Ricardo

  So, I have an AWS EC2, and I need to configure a dns server, I have a Ubuntu 11.04 and webmin is configured, I have a domin point to my ip. So, know I need to redirect my domain to my ip and configure BIND dns server? What configuration I have to do to redirect my domain account to my ip and create my own dns server? I see some videos on youtube but, i don´t know what is the best of for me. Thank´s for any help.

  Read the article

• dynamic subdomains problem?

  - by Solomon Saleh

  im trying to add a wildcard subdomain system to my webserver, but its still not working, this is the steps i took: i made a new file vhost.conf in the directory var/www/vhosts/www.kornar.com/conf/vhost.conf and i put ServerAlias *.domain.com then second of all i made a new dns wildcard on plesk CNAME *.domain.com kornar.com and then i edited my .htaccess file Options +FollowSymLinks RewriteEngine on RewriteCond %{HTTP_HOST} ^(^.*)\.kornar.com RewriteRule (.*) user.php?user=%1 normally my url would be http://www.kornar.com/user.php?user=solomon but now i want to like this http://solomon.kornar.com but the steps i took still deosnt work :)) whats happening here

  Read the article

• Nginx redirects

  - by Ibrahim Hussein

  Let's say i have a virtual host in Nginx wtih name www.domain.com and root directory named public. Inside public i have 2 dirs dir1 and dir2. How i redirect the request to www.domain.com to dir1? I know it's a simple question, but i am new to nginx.

  Read the article

• Valid certificate issued by certificate authority

  - by Null

  Using the below configuration: internal Domain: company.corp Server 2008 DC and CA I've setup Radius/NPS for WPA2-Enterprise authentication, but the mobile clients are getting certificate warnings because the PEAP certificate is self signed by the CA. How can I fix the warning? Do I need to get a signed certificate for the company.corp domain?

  Read the article

• user SID unique?

  - by Xaver

  the SID term is unique or not? can two user sids on different machines in one domain system be equal? (if both of them domain users or if both of them locally users)

  Read the article

• IBM HostRAID not detected when Installing Ubuntu server 9.10

  - by Matt

  I'm wanting to install Ubuntu Server 9.10 onto an IBM xSeries 306m. The onboard SATA RAID controller is not being correctly detected. Has anyone had experience installing Ubuntu or Linux onto one of these machines and encountered this problem? The SATA controller reports itself on boot as Adaptec HostRAID

  Read the article

• Is it possible to boot from a passthrough lsi2008 under esxi?

  - by Kurt

  I currently have Solaris 11 Express running on bare metal. I'd like to convert the machine to an ESXI host and run the existing os as a virtual machine. I have ESXI setup, the virtual machine made, if I boot the vm from the recovery disk the drives and lsi2008 controller is visible. Everything looks like it should work, but the vm bios does not seem to try and boot from the controller. Is this just impossible?

  Read the article

• Email delivery management grievances

  - by joxl

  The question I have may be more of principle than anything else, but here's my dilemma. I manage an email system for a small company (about 20 email users). We own a plain-letter .com domain name through Network Solutions. Our email service is hosted by Google Apps. Recently (Feb. 2011) we've been having customers report that they aren't getting our emails. Upon further investigation it seems that the failed emails are all to a common (well known) domain. We have not received any bounce messages for the emails. We've also contacted a few of the intended recipients, who have reported that the messages are not in their spam box; they simply did not receive anything. In these cases we re-sent the same email to an alternate address on another domain, which was successful received. One customer contacted their email provider about the issue. The provider recommended that we submit a form to be white-listed by their domain. Here's where my problem begins. I feel like this is heading down a slippery slope. Doesn't this undermine the very principle of email? If this is the appropriate action to take in these situations where will it end? In theory (following this model) it could be argued that eventually one will first need to "whitelist" (or more appropriately termed "authenticate") themselves with an email host before actually sending any messages. More to this point, what keeps the "bad" spammers from doing the same thing...? We've just gone full circle. I know avoiding anti-spam measures is a big cat-and-mouse game, but I think this is the wrong way of "patching" the problem. Email standards say that messages should not just disappear silently. I have a problem supporting a model that says "you must do < this to make sure your emails aren't ignored". I have a notion to call the provider and voice my complaint, although I have a feeling it will probably fall on deaf ears. Am I missing something here? Is this an acceptable approach to email spam problems? What should I do?

  Read the article

• Providing DNS redirection to honeypot server for known bad domains

  - by syn-

  Currently running BIND on RHEL 5.4 and am looking for a more efficient manner of providing DNS redirection to a honeypot server for a large (30,000+) list of forbidden domains. Our current solution for this requirement is to include a file containing a zone master declaration for each blocked domain in named.conf. Subsequently, each of these zone declarations point to the same zone file, which resolves all hosts in that domain to our honeypot servers. ...basically this allows us to capture any "phone home" attempts by malware that may infiltrate the internal systems. The problem with this configuration is the large amount of time taken to load all 30,000+ domains as well as management of the domain list configuration file itself... if any errors creep into this file, the BIND server will fail to start, thereby making automation of the process a little frightening. So I'm looking for something more efficient and potentially less error prone. named.conf entry: include "blackholes.conf"; blackholes.conf entry example: zone "bad-domain.com" IN { type master; file "/var/named/blackhole.zone"; allow-query { any; }; notify no; }; blackhole.zone entries: $INCLUDE std.soa @ NS ns1.ourdomain.com. @ NS ns2.ourdomain.com. @ NS ns3.ourdomain.com.                        IN            A                192.168.0.99 *                      IN            A                192.168.0.99

  Read the article

• Dead letter bin / black hole email address

  - by skypanther

  I'm looking for an email address that can be sent to where the mail will just be deleted without a bounce back. RFC 2606 defines example.com as a fictitious domain for documentation. Is there something similar for email? This will be used in printed documentation, needs to be stable (the domain can't go stale or replaced by an NSFW site), and as generic as possible.

  Read the article

• Login to a Windows 7 Computer with disabled Administrator account.

  - by sirlancelot

  I just built a Windows 7 Image using sysprep and a custom answer file that's supposed to attach to our domain. However, it did not attach to the domain and so I have a computer that has been automatically setup via unattend.xml and is sitting at a login screen; with no active users (Administrator account says it is disabled). Is there a way I can activate the Administrator account and rescue this machine or do I have to rebuild it from scratch?

  Read the article

• Password protect with apache2.conf works on files, but not on ports

  - by Camran

  I have changed the apache2.conf so that my website requires authentication. This works fine when typing the adress like this: www.domain.com or my_ip/ Problem is, I have Solr, which admin interface is on port 8983, so this: www.domain.com:8983/ does not require authorization. How can I add this port to also be authorized? Thanks

  Read the article

• Best Practices for "temporary" accounts in a Windows server environment?

  - by Millman

  Are there any best practices for "temporary worker" accounts in a Windows server environment? We have a couple of contractors joining the organization temporarily. They only need access to a few folders. Aside from joining them to the "Domain Guests" group and granting them access only to the folders specified. Are there any other issues to be aware of? We are in a Windows Server 2003 domain environment.

  Read the article

• Are FC and SAS DAS devices standard enough?

  - by user222182

  Before I ask my questions, here is some background info that may or may not be useful: For the first time I find myself needing a DAS solution. My priority is data through-put in a single direction. I can write large blocks, and I don't need to read at the same time. The server (the data producing device) is not really a typical server, its a very powerful single board computer. As such I have limited options when it comes to the add-in cards I can install since it must use the fairly uncommon interface, XMC. Currently I believe I am limited PCIex8 gen 1 which means that the likely bottle neck for me will be this 16gbps connection. XMC Boards I have found so far offer the following connections: a) Dual 10GBE ethernet controller, total throughput 20gbps b) Dual Quad SAS 2.0 Connectors (SFF-8XXX) HBA (no raid), total throughput 48 gbps c) Dual FC 8gb HBA (no raid), total throughput 16gbps My questions for you guys are: 1) Are SAS and/or FC, and by extension their HBAs, standard enough that I could purchase a Dell or Aberdeen storage server with a raid controller that has external SAS or FC ports and expect that I can connect it to my SAS or FC HBA, be presented with a single volume (if I so configured the storage server), all without having to check for HBA compatibility? 2) On a device like a Dell PowerVault (either DAS or NAS) is there an OS on it to concern myself with, or is it meant to be remotely managed? Is there a local interface in case I cant remotely manage it (i.e. if my single board computer uses an OS not supported by Dell OpenManage). Would this be true of nearly any device which calls itself a DAS? 3) If I purchase some sort of Supermicro storage chassis, installed a raid controller with external connections, is there a nice lightweight OS I can run just for management of the controller? Would I even need an OS since the raid card would be configured pre-boot anyway? 4) It is much easier to buy XMC based 10gigabit ethernet cards (generally dual port). In what ways would I be getting into trouble by using iSCSI as a DAS are direct cabling with SFP+ cables? Thanks in advance

  Read the article

• decommissioning WINS

  - by longneck

  My network has all 2008R2 domain controllers, but we are running Active Directory in Windows 2003 mode. Two of our domain controllers are configured as WINS servers. I have discovered that our copiers and fax machines are currently configured to use WINS to find their servers, so I'm in the process of configuring them to use DNS instead. How can I find out what else is actively using WINS? What procedure should I follow to decommission WINS from my network?

  Read the article

• Sendmail + m4 - problem converting mc files into cf

  - by zbigh

  Hi I'm currently trying to configure sendmail fo the first time and setup a mail server on a small embedded computer ( running a custom linux distribution ). I'm having an issue with the m4 macros: I'm trying to convert this: VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $') OSTYPE(linux)dnl DOMAIN(generic)dnl define(HELPFILE, `/etc/mail/helpfile') FEATURE(nouucp, `noscpecial') MAILER(local)dnl MAILER(smtp)dnl to sendmail.cf, but all the output I get when running m4 is: VERSIONID($Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $) OSTYPE(linux)DOMAIN(generic) FEATURE(nouucp, noscpecial) MAILER(local)MAILER(smtp) Am I doing something wrong?

  Read the article

• Sendmail + m4 - problem converting mc files into cf

  - by zbigh

  Hi I'm currently trying to configure sendmail fo the first time and setup a mail server on a small embedded computer ( running a custom linux distribution ). I'm having an issue with the m4 macros: I'm trying to convert this: VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $') OSTYPE(linux)dnl DOMAIN(generic)dnl define(HELPFILE, `/etc/mail/helpfile') FEATURE(nouucp, `noscpecial') MAILER(local)dnl MAILER(smtp)dnl to sendmail.cf, but all the output I get when running m4 is: VERSIONID($Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $) OSTYPE(linux)DOMAIN(generic) FEATURE(nouucp, noscpecial) MAILER(local)MAILER(smtp) Am I doing something wrong?

  Read the article

• How do I get apache RewriteRule working correctly for a subdomain

  - by yummm

  I just setup a subdomain with the following RewriteCond: RewriteCond $1 !^search.php$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^/?([^/]+)$ search.php?q=$1 [L,NS] I'm using the same rewrite condition on my main domain and it works perfectly. However, when I set it up on the subdomain, it simply outputs "index.php" when going to http://sub.domain.com Every page on the subdomain outputs the page name in the body instead of processing the code, except for the search page, which appears to be working correctly. What can I do to correct this issue?

  Read the article

• Access internal host from a subdomain of an external dns

  - by Mihai

  This image contains the topology I want to make work. I have a linux server that is used for hosting websites and also routing for our internal network. How can I access the internal server that hosts the team foundation server from outside from a domain like teamfoundation.example.com. The parent domain is hosted on the linux machine, is there a way to NAT the dns queries to the windows server? |LINUX SERVER| example.com | | Windows Server(teamfoundation.example.com) _______|_________SWITCH Internal Network

  Read the article

• How SMTP server works? need an understanding

  - by Rajeev

  Hi, I am looking for understanding on how SMTP server works in an environment? example, if I wish to run only SMTP server on windows 2008 for an explicit application, which is running on it's web serer, app. server and DB server. Do i need to register the domain so as to send emails from my domain, if i wish to send emails to some users from that SMTP server.

  Read the article

• Godaddy one page hosting

  - by liv a

  Disclaimer: not sure this is the right place for this kind of question, sorry in advance, just point me to the right place and I'll move it. In godaddy when paying only for domain, without hosting, they state you can get one page hosting for free but that option only opens their web-builder. I want to create a nicely design landing page, where the content is static.Is there a way to make my domain point to a wordpress one page or self created html one page/ landing page?

  Read the article

• Turn off forcing www.

  - by Kemo

  I have a 'clean' CentOS system with webmin, running Apache2 and BindDNS. When I try accessing the domain without www, I get instantly redirected to www.domain.name, as the Firebug Net console screenshot below displays http://pokit.etf.ba/upload/pokit141661fa46b11782745bb974d5140004.png What I need to know is; which are the most often reasons for this? If you need any more info, cfg or log files, please let me know

  Read the article

• Unable to access SVN externally - Could not open the requested SVN filesystem

  - by Webnet

  When I access the following URL on my machine https://svnserver:80/svn/web/domain.com I get the error: <D:error> <C:error/> <m:human-readable errcode="2"> Could not open the requested SVN filesystem </m:human-readable> </D:error> The exact name of my respository is domain.com, I have https up and running, so any ideas why I can't access the repository?

  Read the article

< Previous Page | 290 291 292 293 294 295 296 297 298 299 300 301  | Next Page >