Search Results

Search found 3366 results on 135 pages for 'openvpn auth ldap'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 30/135 | < Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >

  • How to prevent blocking http auth popups on firefox restart with many tabs open

    - by Glen S. Dalton
    I am using the latest firefox with tab mix plus and tabgoups manager. I have maybe 50 or 100 tabs oben in different tab groups. When I shutdown firefox and start it again all tabs and tab groups are perfectly rebuilt. But I have also many pages open that are behind a standard http auth, and these pages all request their usernames and passwords. So during startup firefox pops up all these pages' http auth windows. And they block everything else in firefox, they are like modal windows. (I am involved in website development and the beta versions are behind apache http auth.) I have to click many times the OK button in the popups, before I can do anything. All the usernames and passwords are already filled in. (And the firefox taskbar entry blinks and the firefox window heading also blinks, and focus switches back and foth, which also annoys me. And sometimes the popups do not react to my clicks, because firefox is maybe just switching focus somewhere else. This is the worst.) I want a plugin or some way to skip those popups. There are some plugins I tried some time ago, but they did not do what I need, because they require a mouse click for each login, which is no improvement over the situation like it already is. This is not about password storage (because firefox already stores them). But of course, if some password storing plugin could heal this it would be great.

    Read the article

  • Apache: redirect to https before AUTH for server-status

    - by Putnik
    I want to force https and basic auth for server-status output (mod_status). If I enable auth and user asks for http://site/server-status apache first asks for pass, then redirects to httpS, then asks for pass again. This question is similar to Apache - Redirect to https before AUTH and force https with apache before .htpasswd but I cannot get it work because we are speaking not about generic folder but Location structure. My config (shortly) is as follows: <Location /server-status> SSLRequireSSL <IfModule mod_rewrite.c> RewriteEngine on RewriteBase /server-status RewriteCond %{HTTPS} off RewriteCond %{SERVER_PORT} 80 RewriteRule ^ - [E=nossl] RewriteRule (.*) https://site/server-status} [R=301,L] </IfModule> SetHandler server-status Order deny,allow Deny from all Allow from localhost ip6-localhost Allow from 1.2.3.0/24 Allow from env=nossl AuthUserFile /etc/httpd/status-htpasswd AuthName "Password protected" AuthType Basic Require valid-user Satisfy any </Location> I assume Allow from env=nossl should allow everyone with RewriteCond %{HTTPS} off and server port 80, then force it to redirect but it does not work. Please note, I do not want force to SSL the whole site but /server-status only. If it matters the server has several sites. What am I doing wrong? Thank you.

    Read the article

  • Problem with Outlook 2010 (SMTP AUTH LOGIN)

    - by Filipe YaBa Polido
    **IGNORE THIS QUESTION - SOLVED WITH A PYTHON SCRIPT available at: http://yabahaus.blogspot.com I have to connect one customer Outlook 2010 to a remote server on which I have either no right, neither way to talk to the sysadmin. This is the thing, after installing and reviewing the logs on Wireshark: Outlook Express: HELO machine AUTH LOGIN username base64 encoded password base64 encoded mails go through. Outlook 2010: HELO machine AUTH DIGEST-MD5 response from server Outlook sends just a * AUTH LOGIN password base64 encoded So... I can send mails in the same domain, but can't send outside, it gives me a relay denied message. My point is... Why the h**l Outlook 2010 doesn't send the username AND the password?! It can never login the right way :| With other versions of Outlook it works fine, and with OE works great, it auths and allows to send mail to a different domain. I've googled and nothing worked. I'm pretty sure that I'm not alone with this one. My last resort will be to configure a local proxy/server that relays to the original one :| Any help would be appreciated. Sorry my bad english as is not my natural language. Thanks.

    Read the article

  • Problem with Outlook 2010 (SMTP AUTH LOGIN)

    - by Filipe YaBa Polido
    I have to connect one customer Outlook 2010 to a remote server on which I have either no right, neither way to talk to the sysadmin. This is the thing, after installing and reviewing the logs on Wireshark: Outlook Express: HELO machine AUTH LOGIN username base64 encoded password base64 encoded mails go through. Outlook 2010: HELO machine AUTH DIGEST-MD5 response from server Outlook sends just a * AUTH LOGIN password base64 encoded So... I can send mails in the same domain, but can't send outside, it gives me a relay denied message. My point is... Why the h**l Outlook 2010 doesn't send the username AND the password?! It can never login the right way :| With other versions of Outlook it works fine, and with OE works great, it auths and allows to send mail to a different domain. I've googled and nothing worked. I'm pretty sure that I'm not alone with this one. My last resort will be to configure a local proxy/server that relays to the original one :| Any help would be appreciated. Sorry my bad english as is not my natural language. Thanks.

    Read the article

  • Finding the current user authenticated by basic auth (Apache)

    - by jtd
    When you log in through a basic auth page, is the username you authenticated as stored anywhere (on the server or client machine), maybe in an environment variable? Background: I have a common web administration page for an e-mail server and I'd like to know who is doing what. When a user successfully logs in via basic auth, I somehow want to be able to identify them and log their actions. So each time a request is submitted, I can write to a log file. The basic format would be: $username ran a $function against $useraccount so if a user changed someone's permissions, eg: Admin-Bob ran a permission change against User-Scott So if errors occur, I can easily trace back in the log file what actions lead to the cause. I tried checking the %ENV hash to no avail, any Ideas? I don't really want to get into PHP-like sessions, because that would mean scrapping my basic auth, which gives me a fine degree of control already. If I have to code something with sessions, I'd need to implement a system to block users after maximum tries and so on, which I don't really want to code. I think this is better geared towards serverfault because it pertains to Apache moreso than the programming language. Sessions can be done in a myriad of languages.

    Read the article

  • SVN very slow over HTTP (seems auth related)

    - by Sydius
    I'm using SVN version 1.6.6 (r40053) via the command-line in Ubuntu 10.04 and connecting to a remote repository over HTTP that is in the local network. For a while, it worked fine, but has recently become very slow for any operation that requires communication with the repository, however it does eventually work after several minutes (~3m for svn up). Looking at Wireshark, it appears to be taking a full minute between the HTTP auth denied and the subsequent request containing credentials. The issue is local to my machine because other coworkers running Ubuntu are not having the issue and I've tried using my credentials from another machine and it was very fast. I tried deleting the .subversion folder in my home directory and checking everything out fresh, but it didn't help. Update: I think it's auth related. When I check out SVN repositories off of the Internet over HTTP (from Google Code, for example), everything is very fast until I do something that requires a password. Before prompting for the password for the first time, it stalls for at least a minute. Update 2: I set the neon-debug-mask in the SVN settings (in /etc/subversion/servers under [Global]) to 138 and it seems to spending a lot of time on 'auth: Trying Basic challenge...'

    Read the article

  • How to import certificate for Apache + LDAPS?

    - by user101956
    I am trying to get ldaps to work through Apache 2.2.17 (Windows Server 2008). If I use ldap (plain text) my configuration works great. LDAPTrustedGlobalCert CA_DER C:/wamp/certs/Trusted_Root_Certificate.cer LDAPVerifyServerCert Off <Location /> AuthLDAPBindDN "CN=corpsvcatlas,OU=Service Accounts,OU=u00958,OU=00958,DC=hca,DC=corpad,DC=net" AuthLDAPBindPassword ..removed.. AuthLDAPURL "ldaps://gc-hca.corpad.net:3269/dc=hca,dc=corpad,dc=net?sAMAccountName?sub" AuthType Basic AuthName "USE YOUR WINDOWS ACCOUNT" AuthBasicProvider ldap AuthUserFile /dev/null require valid-user </Location> I also tried the other encryption choices besides CA_DER just to be safe, with no luck. Finally, I also needed this with Apache tomcat. For tomcat I used the tomcat JRE and ran a line like this: keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias mycert -file Trusted_Root_Certificate.cer After doing the above line ldaps worked greate via tomcat. This lets me know that my certificate is a-ok. Update: Both ldap modules are turned on, since using ldap instead of ldaps works fine. When I run a git clone this is the error returned: C:\Tempgit clone http://eqb9718@localhost/git/Liferay.git Cloning into Liferay... Password: error: The requested URL returned error: 500 while accessing http://eqb9718@loca lhost/git/Liferay.git/info/refs fatal: HTTP request failed access.log has this: 127.0.0.1 - eqb9718 [23/Nov/2011:18:25:12 -0600] "GET /git/Liferay.git/info/refs service=git-upload-pack HTTP/1.1" 500 535 127.0.0.1 - eqb9718 [23/Nov/2011:18:25:33 -0600] "GET /git/Liferay.git/info/refs HTTP/1.1" 500 535 apache_error.log has nothing. Is there any more verbose logging I can turn on or better tests to do?

    Read the article

  • SquidGuard and Active Directory: how to deal with multiple groups?

    - by Massimo
    I'm setting up SquidGuard (1.4) to validate users against an Active Directory domain and apply ACLs based on group membership; this is an example of my squidGuard.conf: src AD_Group_A { ldapusersearch ldap://my.dc.name/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Group_A%2cdc=domain%2cdc=com)) } src AD_Group_B { ldapusersearch ldap://my.dc.name/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Group_B%2cdc=domain%2cdc=com)) } dest dest_a { domainlist dest_a/domains urllist dest_b/urls log dest_a.log } dest dest_b { domainlist dest_b/domains urllist dest_b/urls log dest_b.log } acl { AD_Group_A { pass dest_a !dest_b all redirect http://some.url } AD_Group_B { pass !dest_a dest_b all redirect http://some.url } default { pass !dest_a !dest_b all redirect http://some.url } } All works fine if an user is member of Group_A OR Group_B. But if an user is member of BOTH groups, only the first source rule is evaluated, thus applying only the first ACL. I understand this is due to how source rule matching works in SquidGuard (if one rule matches, evaluation stops there and then the related ACL is applied); so I tried this, too: src AD_Group_A_B { ldapusersearch ldap://my.dc.name/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Group_A%2cdc=domain%2cdc=com)) ldapusersearch ldap://my.dc.name/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Group_B%2cdc=domain%2cdc=com)) } acl { AD_Group_A_B { pass dest_a dest_b all redirect http://some.url } [...] } But this doesn't work, too: if an user is member of either one of those groups, the whole source rule is matched anyway, so he can reach both destinations (which is of course not what I want). The only solution I found so far is creating a THIRD group in AD, and assign a source rule and an ACL to it; but this setup grows exponentially with more than two or three destination sets. Is there any way to handle this better?

    Read the article

  • arch openldap authentication failure

    - by nonus25
    I setup the openldap, all look fine but i cant setup authentication, #getent shadow | grep user user:*::::::: tuser:*::::::: tuser2:*::::::: #getent passwd | grep user git:!:999:999:git daemon user:/:/bin/bash user:x:10000:2000:Test User:/home/user/:/bin/zsh tuser:x:10000:2000:Test User:/home/user/:/bin/zsh tuser2:x:10002:2000:Test User:/home/tuser2/:/bin/zsh from root i can login as a one of these users #su - tuser2 su: warning: cannot change directory to /home/tuser2/: No such file or directory 10:24 tuser2@juliet:/root i cant login via ssh also passwd is not working #ldapwhoami -h 10.121.3.10 -D "uid=user,ou=People,dc=xcl,dc=ie" ldap_bind: Server is unwilling to perform (53) additional info: unauthenticated bind (DN with no password) disallowed 10:30 root@juliet:~ #ldapwhoami -h 10.121.3.10 -D "uid=user,ou=People,dc=xcl,dc=ie" -W Enter LDAP Password: ldap_bind: Invalid credentials (49) typed password by me is correct /etc/openldap/slapd.conf access to dn.base="" by * read access to dn.base="cn=Subschema" by * read access to * by self write by users read by anonymous read access to * by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write by users read by anonymous auth access to attrs=userPassword,gecos,description,loginShell by self write access to attrs="userPassword" by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write by anonymous auth by self write by * none access to * by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write by dn="uid=achmiel,ou=People,dc=xcl,dc=ie" write by * search access to attrs=userPassword by self =w by anonymous auth access to * by self write by users read database hdb suffix "dc=xcl,dc=ie" rootdn "cn=root,dc=xcl,dc=ie" rootpw "{SSHA}AM14+..." there are some parts of that conf file /etc/openldap/ldap.conf looks : BASE dc=xcl,dc=ie URI ldap://192.168.10.156/ TLS_REQCERT allow TIMELIMIT 2 so my question is what i am missing that ldap not allow me login by using password ?

    Read the article

  • The Story of secure user-authentication in squid

    - by Isaac
    once upon a time, there was a beautiful warm virtual-jungle in south america, and a squid server lived there. here is an perceptual image of the network: <the Internet> | | A | B Users <---------> [squid-Server] <---> [LDAP-Server] When the Users request access to the Internet, squid ask their name and passport, authenticate them by LDAP and if ldap approved them, then he granted them. Everyone was happy until some sniffers stole passport in path between users and squid [path A]. This disaster happened because squid used Basic-Authentication method. The people of jungle gathered to solve the problem. Some bunnies offered using NTLM of method. Snakes prefered Digest-Authentication while Kerberos recommended by trees. After all, many solution offered by people of jungle and all was confused! The Lion decided to end the situation. He shouted the rules for solutions: Shall the solution be secure! Shall the solution work for most of browsers and softwares (e.g. download softwares) Shall the solution be simple and do not need other huge subsystem (like Samba server) Shall not the method depend on special domain. (e.g. Active Directory) Then, a very resonable-comprehensive-clever solution offered by a monkey, making him the new king of the jungle! can you guess what was the solution? Tip: The path between squid and LDAP is protected by the lion, so the solution have not to secure it. Note: sorry if the story is boring and messy, but most of it is real! =) /~\/~\/~\ /\~/~\/~\/~\/~\ ((/~\/~\/~\/~\/~\)) (/~\/~\/~\/~\/~\/~\/~\) (//// ~ ~ \\\\) (\\\\( (0) (0) )////) (\\\\( __\-/__ )////) (\\\( /-\ )///) (\\\( (""""") )///) (\\\( \^^^/ )///) (\\\( )///) (\/~\/~\/~\/) ** (\/~\/~\/) *####* | | **** /| | | |\ \\ _/ | | | | \_ _________// Thanks! (,,)(,,)_(,,)(,,)--------'

    Read the article

  • secure user-authentication in squid

    - by Isaac
    once upon a time, there was a beautiful warm virtual-jungle in south america, and a squid server lived there. here is an perceptual image of the network: <the Internet> | | A | B Users <---------> [squid-Server] <---> [LDAP-Server] When the Users request access to the Internet, squid ask their name and passport, authenticate them by LDAP and if ldap approved them, then he granted them. Everyone was happy until some sniffers stole passport in path between users and squid [path A]. This disaster happened because squid used Basic-Authentication method. The people of jungle gathered to solve the problem. Some bunnies offered using NTLM of method. Snakes prefered Digest-Authentication while Kerberos recommended by trees. After all, many solution offered by people of jungle and all was confused! The Lion decided to end the situation. He shouted the rules for solutions: Shall the solution be secure! Shall the solution work for most of browsers and softwares (e.g. download softwares) Shall the solution be simple and do not need other huge subsystem (like Samba server) Shall not the method depend on special domain. (e.g. Active Directory) Then, a very resonable-comprehensive-clever solution offered by a monkey, making him the new king of the jungle! can you guess what was the solution? Tip: The path between squid and LDAP is protected by the lion, so the solution have not to secure it. Note: sorry for this boring and messy story! /~\/~\/~\ /\~/~\/~\/~\/~\ ((/~\/~\/~\/~\/~\)) (/~\/~\/~\/~\/~\/~\/~\) (//// ~ ~ \\\\) (\\\\( (0) (0) )////) (\\\\( __\-/__ )////) (\\\( /-\ )///) (\\\( (""""") )///) (\\\( \^^^/ )///) (\\\( )///) (\/~\/~\/~\/) ** (\/~\/~\/) *####* | | **** /| | | |\ \\ _/ | | | | \_ _________// Thanks! (,,)(,,)_(,,)(,,)--------'

    Read the article

  • secure user-authentication in squid: The Story

    - by Isaac
    once upon a time, there was a beautiful warm virtual-jungle in south america, and a squid server lived there. here is an perceptual image of the network: <the Internet> | | A | B Users <---------> [squid-Server] <---> [LDAP-Server] When the Users request access to the Internet, squid ask their name and passport, authenticate them by LDAP and if ldap approved them, then he granted them. Everyone was happy until some sniffers stole passport in path between users and squid [path A]. This disaster happened because squid used Basic-Authentication method. The people of jungle gathered to solve the problem. Some bunnies offered using NTLM of method. Snakes prefered Digest-Authentication while Kerberos recommended by trees. After all, many solution offered by people of jungle and all was confused! The Lion decided to end the situation. He shouted the rules for solutions: Shall the solution be secure! Shall the solution work for most of browsers and softwares (e.g. download softwares) Shall the solution be simple and do not need other huge subsystem (like Samba server) Shall not the method depend on special domain. (e.g. Active Directory) Then, a very resonable-comprehensive-clever solution offered by a monkey, making him the new king of the jungle! can you guess what was the solution? Tip: The path between squid and LDAP is protected by the lion, so the solution have not to secure it. Note: sorry for this boring and messy story! /~\/~\/~\ /\~/~\/~\/~\/~\ ((/~\/~\/~\/~\/~\)) (/~\/~\/~\/~\/~\/~\/~\) (//// ~ ~ \\\\) (\\\\( (0) (0) )////) (\\\\( __\-/__ )////) (\\\( /-\ )///) (\\\( (""""") )///) (\\\( \^^^/ )///) (\\\( )///) (\/~\/~\/~\/) ** (\/~\/~\/) *####* | | **** /| | | |\ \\ _/ | | | | \_ _________// Thanks! (,,)(,,)_(,,)(,,)--------'

    Read the article

  • Simple NAS setup for Ubuntu

    - by Sean Houlihane
    So, I want to connect my shiny new NAS (QNAP TS-210p II) to my Ubuntu 11.10 box. I have a 2nd Ubuntu machine, but I don't use that enough to be too worried about it. Use is ideally to offload all storage except for system (which can then run off a 30GB flash drive). The main machine also runs Myth front/backends. Both are on a wired network currently. I have got a basic setup working, mounted over NFS, but have some issues, and whenever I look for answers, I seem to get unto the UbuntuServer domain, with what seems like more detail than I want in an answer. Questions I have identified so far: 1) Sharing UIDs to get file permissions correct. LDAP or something else? What is necessary to make this work? 2) Mounting an NFS device reliably. Do I just add it in fstab or is some sort of auto-mount advisable? Its a wired network, but I shouldn't need to worry about reboot after power-outages and sequencing...

    Read the article

  • NFS users getting a laggy GUI expierence

    - by elzilrac
    I am setting up a system (ubuntu 12.04) that uses ldap, pam, and autofs to load users and their home folders from a remote server. One of the options for login is sitting down at the machine and starting a GUI session. Programs such as chormium (browser) that preform many read/write operations in the ~/.cache and ~/.config files are slowing down the GUI experience as well as putting strain of the NFS server that is causing other users to have problems. Ubuntu had the handy-dandy XDG_CONFIG_HOME and XDG_CACHE_HOME variables that can be set to change the default location of .cache and .config from the home folder to somewhere else. There are several places to set them, but most of them are not optimal. /etc/environment pros: will work across all shells cons: cannot use variables like $USER so that you can't make users have different new locations for .cache and .config. Every users' new location would be the same directory. /etc/bash.bashrc pros: $USER works, so you can place them in different folders cons: only gets run for bash compatible shells ~/.pam_environment pros: works regardless of shell cons: cannot use system variables (like $USER), has it's own syntax, and has to be created for every user

    Read the article

  • How to setup DNS server behind a VPN

    - by Brian
    I want to host some websites behind a VPN and I need some help with the finer points of the configuration. Thus far I've settled on OpenVPN + Bind9 and I want to configure the domains like this: External DNS mail.example.com www.example.com vpn.example.com I want to be able to connect to the vpn using 'vpn.example.com'. Once connected I then want to be able to resolve anything which is '*.vpn.example.com' with the DNS server sitting behind the VPN. I know that OpenVPN can push DNS servers to clients when they connect. I am having trouble though with the DNS config, both internal and external. I've gone through a few tutorials etc. and tried to reason about it myself but I'm not getting anywhere. So my main question would be does the above configuration make sense? If so, any general pointers or examples would be greatly appreciated. Here's what I've tried so far based on this tutorial (I've redacted my domain with example.com). When I try the tests with dig at the end to check the resolution is working it fails. db.vpn.example.com $TTL 15m vpn.example.com. IN SOA ns.vpn.example.com. [email protected]. ( 2009010910 ;serial 900 ;refresh 900 ;retry 900 ;expire 900 ;minimum TTL ) vpn.example.com. IN NS ns.vpn.example.com. ns IN A 192.168.0.2 test IN A 192.168.0.2

    Read the article

  • VPN with client-to-client direct connectivity?

    - by Johannes Ernst
    When setting up a VPN, clients (say client1 and client2) usually authenticate to a server, and together the three constitute the VPN. When client1 wishes to send a packet to client2, this packet usually gets routed by way of server. Are there products / configuration blueprints for products where it is possible to send packets directly from client1 to client2 without going though server? (if the underlying network topology permits it, e.g. no firewalls in the way) If not, is there a way by which client1 can send a packet to client2 by way of server, without the server being able to snoop on the content of the packet? (E.g. because the packet is encrypted with the public key of client2) I just asked in the OpenVPN forum, and the answer I got was "not with OpenVPN". So my question is: are there other products with which this is possible? Open-source preferred ... One use case: client1 and client2, typically in separate offices, find themselves both at headquarters. Do they still need to talk to each other via the public internet? Links appreciated. Thank you.

    Read the article

  • tcp connect hangs on SYN_SENT if something listens, gets CONN_REFUSED if nothing listens

    - by Amos Shapira
    I'm hitting a very strange problem - when I try to connect to one of our servers the client hangs with SYN_SENT if something listens on the port (e.g. Apache on port 80, sshd on port 22 or SMTP on port 25) but if I try to connect to a port on which nothing listens then I immediately get a "CONNECTION refused" error. Connecting to other applications (e.g. rsyncd on some arbitrary port) succeeds. I ran tcpdump on the server and see that the SYN packets arrive to it but it only sends a response if nothing listens on that port. e.g.: on the server I run: # tcpdump -nn port 81 06:49:34.641080 IP 10.x.y.z.49829 server.81: S 3966400723:3966400723(0) win 12320 06:49:34.641118 IP server.81 x.y.z.49829: R 0:0(0) ack 3966400724 win 0 But if I listen on this port, e.g. with nc -4lvvv 81 & Then the output of tcpdump is: 06:44:31.063614 IP x.y.z.45954 server.81: S 3493682313:3493682313(0) win 12320 (and repeats until I stop it) The server is CentOS 5, the client is Ubuntu 11.04, the connection is done between two LAN's over per-user TCP OpenVPN. Connection to other servers on that network do not have a problem. Connecting from the other servers on the same network to that server works fine. Connections from other clients in our office over openvpn is also not a problem. What am I missing? Thanks.

    Read the article

  • Setup LDAP In WAMP

    - by Cory Dee
    I'm having a really tough time getting the LDAP extensions to work in PHP on a WAMP server. Here is what I've done: Went to C:\Program Files\Apache Software Foundation\Apache2.2\modules and made sure that mod_ldap.so exists. I've gone into C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf and made sure that this line is not commented out: LoadModule ldap_module modules/mod_ldap.so I've gone into C:\Program Files\PHP\php.ini and made sure this line is not commented out: extension=php_ldap.dll I've made sure C:\Program Files\PHP is in the Path I've made sure C:\Program Files\PHP contains libeay32.dll and ssleay32.dll Restart apache phpinfo() still doesn't show mod_ldap as being turned on. It shows util_ldap under Loaded Modules, but that's the only reference anywhere to LDAP. For a bit more background, I originally posted this on SO.

    Read the article

  • Redmine Subversion: LDAP _and_ local auth

    - by Frank Brenner
    I need to set up a subversion repository with apache authentication against both an external LDAP server as well as the local Redmine database. That is, we have users whose accounts exist only in the LDAP directory and some users whose accounts only exist in the local Redmine db - all should be able to access the repo. I can't quite seem to get the apache config right for this. I know I saw a how-to for this at some point, I think using Redmine.pm, but I can't seem to find it anymore.. Thanks.

    Read the article

  • Tunneling a public IP to a remote machine

    - by Jim Paris
    I have a Linux server A with a block of 5 public IP addresses, 8.8.8.122/29. Currently, 8.8.8.122 is assigned to eth0, and 8.8.8.123 is assigned to eth0:1. I have another Linux machine B in a remote location, behind NAT. I would like to set up an tunnel between the two so that B can use the IP address 8.8.8.123 as its primary IP address. OpenVPN is probably the answer, but I can't quite figure out how to set things up (topology subnet or topology p2p might be appropriate. Or should I be using Ethernet bridging?). Security and encryption is not a big concern at this point, so GRE would be fine too -- machine B will be coming from a known IP address and can be authenticated based on that. How can I do this? Can anyone suggest an OpenVPN config, or some other approach, that could work in this situation? Ideally, it would also be able to handle multiple clients (e.g. share all four of spare IPs with other machines), without letting those clients use IPs to which they are not entitled.

    Read the article

  • Route outbound connections from local network through VPN

    - by Sharkos
    I have a server A running OpenVPN, an OpenVPN client B (a rooted Android phone as it happens) and a third party C (a laptop, tablet etc.) tethered to B. B can use the VPN to access the internet via A; C can use the tethered connection WITHOUT the VPN to access the internet via B. However, with the VPN on B active, I cannot load information from the internet on C. A appears to log similar traffic inbound and outbound when B or C attempt to load a webpage, say, but the VPN on device B reports no inbound traffic when the connection originated from C. Where should I look for packets being dropped, and what ip rules should I use to make sure they are passed back through the VPN and into the local network B <- C? (I'll obviously post whatever further information is needed.) Further info Without VPN: root@android:/ # ip route default via [B's External Gateway] dev rmnet0 [B's External Subnet] dev rmnet0 proto kernel scope link src [B's External IP] [B's External Gateway] dev rmnet0 scope link 192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.1 With VPN: root@android:/ # ip route 0.0.0.0/1 dev tun0 scope link default via [B's External Gateway] dev rmnet0 [B's External Subnet] dev rmnet0 proto kernel scope link src [B's External IP] [B's External Gateway] dev rmnet0 scope link [External address of A] dev tun0 scope link 128.0.0.0/1 dev tun0 scope link 172.16.0.0/24 dev tun0 scope link 172.16.0.8/30 dev tun0 proto kernel scope link src 172.16.0.10 192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.1 192.168.168.0/24 dev tun0 scope link

    Read the article

  • Setting up a server that routes local traffic through vpn, while still being able to access internet directly

    - by Kazuo
    The goal is to setup a local server that routes local traffic through an uncontrolled remote vpn service while still being able to access the internet directly (not tunneled via vpn) and provide services through that direct connection. It is supposed to look like this: http://i.stack.imgur.com/74dGC.png Note: There is another router with modem between the local server and the internet. What is the easiest (best?) way to get this network setup working? I'm planning to setup the connection between the local router and the local server with simple ip forwarding. The problem now is that all the server's traffic is routed through the vpn tunnel as soon as I connect the server's openvpn client to the remote service so there is no direct internet connection available. My first idea was to setup a virtual machine (lxc container or something) and run the vpn client and local networking stuff in the vm. So that the vm receives all the incoming traffic from the local router and tunnels it through the vpn. This, as far as I understand, should not affect the physical server's network connection and should allow it to provide services to the internet. Before I start trying to set this up (I don't have much experience in networking), is there any easier or better way to do this? I would be thankful for every suggestion. Edit: Let's say the interface connected to the internet is eth0 and the interface connected to the local router is eth1. Another idea would be to create a virtual interface eth0:0 and specifiy it as openvpn's local endpoint and then force any traffic coming from eth1 through eth0:0. I'm not sure how I would force the traffic through eth0:0, though (possibly by adding routes).

    Read the article

  • Dynamic group membership to work around no nested security group support for Active Directory

    - by Bernie White
    My problem is that I have a number of network administration applications like SAN switches that do not support nested groups from Active Directory Domain Services (AD DS). These legacy administration applications use either LDAP or LDAPS. I am fairly sure I can use Active Directory Lightweight Directory Services (AD LDS) and possibly Windows Authorization Manager to work around this issue; however I am not really sure where to start. I want to end up with: A single group that can be queried over LDAP/LDAPS for all it’s direct members LDAP proxy for user name and password credentials to AD DS Easy way to admin the group, ideally the group would aggregate the nested membership in AD DS. a native solution using freely available components from the Windows stack. If you have any suggestions or solutions that you have previously used to solve this issue please let me know.

    Read the article

  • IPTables masquerading with one NIC

    - by Tuinslak
    Hi, I am running an OpenVPN server with only one NIC. This is my current layout: public.ip > Cisco firewall > lan.ip > OpenVPN server lan.ip = 192.168.22.70 The Cisco firewall forwards the requests to the oVPN server, thus so far everything works and clients are able to connect. However, all clients connected should be able to access 3 networks: lan1: 192.168.200.0 (vpn lan) > tun0 lan2: 192.168.110.0 (office lan) > eth1 (gw 192.168.22.1) lan3: 192.168.22.0 (server lan) > eth1 (broadcast network) So tun0 is mapped to eth1. Iptables output: # iptables-save # Generated by iptables-save v1.4.2 on Wed Feb 16 14:14:20 2011 *filter :INPUT ACCEPT [327:26098] :FORWARD DROP [305:31700] :OUTPUT ACCEPT [291:27378] -A INPUT -i lo -j ACCEPT -A INPUT -i tun0 -j ACCEPT -A INPUT -i ! tun0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable -A INPUT -i ! tun0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -d 192.168.200.0/24 -i tun0 -j DROP -A FORWARD -s 192.168.200.0/24 -i tun0 -j ACCEPT -A FORWARD -d 192.168.200.0/24 -i eth1 -j ACCEPT COMMIT # Completed on Wed Feb 16 14:14:20 2011 # Generated by iptables-save v1.4.2 on Wed Feb 16 14:14:20 2011 *nat :PREROUTING ACCEPT [302:26000] :POSTROUTING ACCEPT [3:377] :OUTPUT ACCEPT [49:3885] -A POSTROUTING -o eth1 -j MASQUERADE COMMIT # Completed on Wed Feb 16 14:14:20 2011 Yet, clients are unable to ping any ip (including 192.168.200.1, which is the oVPN's IP) When the machine was directly connected to the internet, with 2 NICs, it was quite simply solved with masquerading and adding static routes in the oVPN client's config. However, as masquerading won't accept virtual interfaces (eth0:0, etc) I am unable to get masquerading to work again (and I'm not even sure whether I need virtual interfaces). Thanks. Edit: OpenVPN server: # ifconfig eth1 Link encap:Ethernet HWaddr ba:e6:64:ec:57:ac inet addr:192.168.22.70 Bcast:192.168.22.255 Mask:255.255.255.0 inet6 addr: fe80::b8e6:64ff:feec:57ac/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6857 errors:0 dropped:0 overruns:0 frame:0 TX packets:4044 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:584046 (570.3 KiB) TX bytes:473691 (462.5 KiB) Interrupt:14 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:334 errors:0 dropped:0 overruns:0 frame:0 TX packets:334 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:33773 (32.9 KiB) TX bytes:33773 (32.9 KiB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:192.168.200.1 P-t-P:192.168.200.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) ifconfig on a client: # ifconfig eth0 Link encap:Ethernet HWaddr 00:22:64:71:11:56 inet addr:192.168.110.94 Bcast:192.168.110.255 Mask:255.255.255.0 inet6 addr: fe80::222:64ff:fe71:1156/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3466 errors:0 dropped:0 overruns:0 frame:0 TX packets:1838 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:997924 (974.5 KiB) TX bytes:332406 (324.6 KiB) Interrupt:17 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:37847 errors:0 dropped:0 overruns:0 frame:0 TX packets:37847 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2922444 (2.7 MiB) TX bytes:2922444 (2.7 MiB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:192.168.200.30 P-t-P:192.168.200.29 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:689 errors:0 dropped:18 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 B) TX bytes:468778 (457.7 KiB) wlan0 Link encap:Ethernet HWaddr 00:16:ea:db:ae:86 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:704699 errors:0 dropped:0 overruns:0 frame:0 TX packets:730176 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:520385963 (496.2 MiB) TX bytes:225210422 (214.7 MiB) static routes line at the end of the client's config (I've been playing around with the 192.168.200.0 -- (un)commenting to see if anything changes): route 192.168.200.0 255.255.255.0 route 192.168.110.0 255.255.255.0 route 192.168.22.0 255.255.255.0 route on a vpn client: # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.200.29 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.22.0 192.168.200.29 255.255.255.0 UG 0 0 0 tun0 192.168.200.0 192.168.200.29 255.255.255.0 UG 0 0 0 tun0 192.168.110.0 192.168.200.29 255.255.255.0 UG 0 0 0 tun0 192.168.110.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.110.1 0.0.0.0 UG 0 0 0 eth0 edit: Weirdly enough, if I set push "redirect-gateway def1" in the server config, (and thus routes all traffic through VPN, which is not what I want), it seems to work.

    Read the article

  • Connecting to a LDAPS server

    - by Pavanred
    I am working on a development machine and I am trying to connect to my LDAP server. This is what I do - telnet ldaps- 686 then the response is - Could not open connection to the host on port 686 : connect failed But, the strange part is when I connect to my server - telnet ldap- 389 then the connection is successful. My question is, why does this happen? Do I have to install SSL certificate on the client machine where I make the call from? I do not know much about this. I know for a fact that the LDAP server is working fine because other applications are successfully using it currently.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >