Search Results

Search found 3366 results on 135 pages for 'openvpn auth ldap'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 36/135 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >

  • Error getting PAM / Linux integrated with Active Directory

    - by topper
    I'm trying to add a Linux server to a network which is controlled by AD. The aim is that users of the server will be able to authenticate against the AD domain. I have Kerberos working, but NSS / PAM are more problematic. I'm trying to debug with a simple command such as the following, please see the error. Can anyone assist me to debug? root@antonyg04:~# ldapsearch -H ldap://raadc04.corp.MUNGED.com/ -x -D "cn=MUNGED,ou=Users,dc=corp,dc=MUNGED,dc=com" -W uid=MUNGED Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece I have had to munge some details, but I can tell you that cn=MUNGED is my username for logging into the AD domain, and the password that I typed was the password for said domain. I don't know why it says "Invalid credentials", and the rest of the error is so cryptic, I have no idea. Is my approach somehow flawed? Is my DN obviously wrong? How can I confirm the correct DN? There was a tool online but I can't find it. NB I have no access to the AD Server for administration or configuration.

    Read the article

  • CUPS basic auth error through web interface

    - by Inaimathi
    I'm trying to configure CUPS to allow remote administration through the web interface. There's enough documentation out there that I can figure out what to change in my cupsd.conf (changing Listen localhost:631 to Port 631, and adding Allow @LOCAL to the /, /admin and /admin/conf sections). I'm now at the point where I can see the CUPS interface from another machine on the same network. The trouble is, when I try to Add Printer, I'm asked for a username and password, but my response is rejected even when I know I've gotten it right (I assume it's asking for the username and password of someone in the lpadmin group on the server machine; I've sshed in with credentials its rejecting, and the user I'm using has been added to the lpadmin group). If I disable auth outright, by changing DefaultAuthType Basic to DefaultAuthType None, I get an "Unauthorized" error instead of a password request when I try to Add Printer. What am I doing wrong? Is there a way of letting users from the local network to administer the print server through the CUPS web interface? EDIT: By request, my complete cupsd.conf (spoiler: minimally edited default config file that comes with the edition of CUPS from the Debian wheezy repos): LogLevel warn MaxLogSize 0 SystemGroup lpadmin Port 631 # Listen localhost:631 Listen /var/run/cups/cups.sock Browsing On BrowseOrder allow,deny BrowseAllow all BrowseLocalProtocols CUPS dnssd # DefaultAuthType Basic DefaultAuthType None WebInterface Yes <Location /> Order allow,deny Allow @LOCAL </Location> <Location /admin> Order allow,deny Allow @LOCAL </Location> <Location /admin/conf> AuthType Default Require user @SYSTEM Order allow,deny Allow @LOCAL </Location> # Set the default printer/job policies... <Policy default> # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default # Job-related operations must be done by the owner or an administrator... <Limit Create-Job Print-Job Print-URI Validate-Job> Order deny,allow </Limit> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> Require user @OWNER @SYSTEM Order deny,allow </Limit> # All administration operations require an administrator to authenticate... <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices> AuthType Default Require user @SYSTEM Order deny,allow </Limit> # All printer operations require a printer operator to authenticate... <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow </Limit> # Only the owner or an administrator can cancel or authenticate a job... <Limit Cancel-Job CUPS-Authenticate-Job> Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy> # Set the authenticated printer/job policies... <Policy authenticated> # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default # Job-related operations must be done by the owner or an administrator... <Limit Create-Job Print-Job Print-URI Validate-Job> AuthType Default Order deny,allow </Limit> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> AuthType Default Require user @OWNER @SYSTEM Order deny,allow </Limit> # All administration operations require an administrator to authenticate... <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> AuthType Default Require user @SYSTEM Order deny,allow </Limit> # All printer operations require a printer operator to authenticate... <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow </Limit> # Only the owner or an administrator can cancel or authenticate a job... <Limit Cancel-Job CUPS-Authenticate-Job> AuthType Default Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy>

    Read the article

  • Spring security custom principal bean

    - by wuntee
    I have a web application that is set up to use the default ldap server/authentication manager/authentication provider/user service. I have another DAO that already does majority of the work that those do (besides the authenticating a user) using Spring-LDAP. My problem is that I want the principal to be of my own custom bean class. What is the simplest way to do this? Initially I was thinking to create a custom authentication provider, but since the default one does exactly what I want, there doesnt seem to be a need. I am thinking I just need to override whatever object actually returns the Principal bean. Is this possible, and able to be injected into the security ldap authenticator context?

    Read the article

  • Active Directory List OU's

    - by Stephen Murby
    I have this code currently, string defaultNamingContext; DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE"); defaultNamingContext = rootDSE.Properties["defaultNamingContext"].Value.ToString(); rootDSE = new DirectoryEntry("LDAP://" + defaultNamingContext); //DirectoryEntry domain = new DirectoryEntry((string)"LDAP://" + defaultNamingContext); DirectorySearcher ouSearch = new DirectorySearcher(rootDSE,"(objectCategory=Organizational-Unit)", null, SearchScope.Subtree); MessageBox.Show(rootDSE.Path.ToString()); try { SearchResultCollection collectedResult = ouSearch.FindAll(); foreach (SearchResult temp in collectedResult) { comboBox1.Items.Add(temp.Properties["name"][0]); DirectoryEntry ou = temp.GetDirectoryEntry(); } } When i use the debugger i can see that rootDSE.Path is infact pointing to the right place, in this case "DC=g-t-p,DC=Local" but the directory searcher doesn't find any results. Can anyone help?

    Read the article

  • Why does Spring Security's BindAuthenticator require read permissions for users?

    - by Thomas
    Hi all, I'm currently implementing/configuring the LDAP authentication of a Java web application using Spring Security 3.0. I'm using Microsoft AD LDS as LDAP server and chose the Spring's BindAuthenticator. I found out that the authentication only works if the authenticated user is a member of the partition's Readers role. The BindAuthenticator tries to read the user's attributes after the authentication, which seems reasonable in scenarios where authorities are retrieved from the directory service. Being new to LDAP and AD, is this an acceptable practise when the application is integrated in an existing AD structure? Can fine-tune an give the user dns only read permissions for their own attributes rather than adding them to the Reader group? Thanks Thomas

    Read the article

  • ldapsearch and vcard creation

    - by Aaron Hoffman
    I'm using openldap on Mac OS X Server 10.6 and need to generate a vcard for all the users in a given group. By using the ldapsearch I can list all the memberUid's for all users in that group. I found a perl script (Advanced LDAP Search or ALS) that was written by someone that will generate the vcard easily. ALS can be found here http://www.ldapman.org/tools/als.gz So what I need to do is create a wrapper script (in python or perl) that will effectively loop through the memberUid's and run the ALS command to create the vcard and append it to the file. This command provides the memberUid's: ldapsearch -x -b 'dc=ldap,dc=server,dc=com' '(cn=testgroup)' Then running ALS gives the vcard: als -b dc=ldap,dc=server,dc=com -V uid=aaronh > vcardlist.vcf If it's easier to do this using Perl since ALS is already using it that would be fine. I've done more work in python but I'm open to suggestions. Thanks in advance, Aaron

    Read the article

  • Why does Perl complain "Can't modify constant item in scalar assignment"?

    - by joe
    I have this Perl subroutine that is causing a problem: sub new { my $class = shift; my $ldap_obj = Net::LDAP->new( 'test.company.com' ) or die "$@"; my $self = { _ldap = $ldap_obj, _dn ='dc=users,dc=ldap,dc=company,dc=com', _dn_login = 'dc=login,dc=ldap,dc=company,dc=com', _description ='company', }; # Print all the values just for clarification. bless $self, $class; return $self; } what is wrong on this code : i got this error Can't modify constant item in scalar assignment at Core.pm line 12, near "$ldap_obj,"

    Read the article

  • Redirect-gateway def1

    - by John
    I have setup OpenVPN on my server, and I am able to connect to it just fine, and browse the web, etc, from the client box. If I set the following option in the client config, I can no longer browse the web via domain name: redirect-gateway def1 On the server, I have run the following command: iptables -t nat -s 10.8.0.0/24 -A POSTROUTING -j SNAT --to myserver'sIP but that hasn't changed anything. Can anyone help suggest something?

    Read the article

  • VPN, Tunneling to hide 'real IP' through my proxy server while showing the client IP on 'real' server side

    - by mickula
    I would like to hide my 'main server' behind the load balancer, call it 'proxy server' Although I use some closed-source software on 'main server' and it needs the client IP address to operate well. When I'm setting up some VPN connection, in that software it displays the IP address of my 'proxy server'. Is there any option to set up such tunneling or vpn to: not reveal IP of 'main server' show the IP of 'client' in 'application' on 'main server' I will be grateful for all your replies and ideas.

    Read the article

  • TeamViewer cannot connect

    - by Cetin Sert
    Last week I decided to use TeamViewer VPN to administer software on a server behind a firewall using RemoteDesktop. It was easy to configure to start-up with the system and make VPN available on the other side but now it fails to connect at the step shown below: The remote machine is running Windows Server 2008 R2. Is there a native way to circumvent the external firewall using a server role or feature to make Windows Server do the VPN work? Do people have better / more reliable experiences with other products such as Hamachi? The requirements are as follows: Start at remote system start-up time Make VPN connections to the remote machine possible

    Read the article

  • Restrict VPN client traffic to certain domains/IP

    - by mr-euro
    Hi Is there any way to restrict a VPN client to only route certain traffic via the VPN and the rest via their local gateway? For example: traffic to a certain IP or domain gets routed across the VPN and all other requests do not. Let me know if you need more details. Thank you.

    Read the article

  • Tunnelblick cannot load private key file

    - by Patrick
    I got a certificate from my network administrator and the passphrase for it. Put everything in the Tunnelblick configuration folder, but always get an error: 2010-11-20 13:22:10 Cannot load private key file vpn-pass.key: error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt: error:0906A065:PEM routines:PEM_do_header:bad decrypt: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib Everything was copy&paste and it works on a windows machine. How can I get this to work?

    Read the article

  • TeamViewer cannot connect

    - by Cetin Sert
    Last week I decided to use TeamViewer VPN to administer software on a server behind a firewall using RemoteDesktop. It was easy to configure to start-up with the system and make VPN available on the other side but now it fails to connect at the step shown below: The remote machine is running Windows Server 2008 R2. Is there a native way to circumvent the external firewall using a server role or feature to make Windows Server do the VPN work? Do people have better / more reliable experiences with other products such as Hamachi? The requirements are as follows: Start at remote system start-up time Make VPN connections to the remote machine possible

    Read the article

  • Cisco VPN and .pcf file

    - by yael
    I have few of profiles .pcf files , and I used them in order to automate the vpmclient connection VIA CLI command I have WIN XP server for example vpmclient connect "customor_alpha" until now everything is ok but I have problem with the last of my profiles - area1.pcf the problem is when I type in CMD window the following ( to create VPN connection ) vpmclient connect "area1" after 2 second CISCO window will pop up and ask for password , ( username already defined in window ) please advice what could be the problem , why I get the "CISCO PVN window" ? or maybe I have some in correct syntax in my .pcf file , I checked the .pcf file again and again and I couldn't find the problem ? example of area1.pcf ( only example - not my real pcf ) [main] Description=connection to TechPubs server Host=10.10.99.30 AuthType=1 GroupName=docusers GroupPwd= enc_GroupPwd=158E47893BDCD398BF863675204775622C49<SNIPPED> EnableISPConnect=0 ISPConnectType=0 ISPConnect= ISPCommand= Username=alice SaveUserPassword=0 UserPassword= enc_UserPassword= NTDomain= EnableBackup=1 BackupServer=Engineering1, Engineering2, Engineering 3, Engineering4 EnableMSLogon=0 MSLogonType=0 EnableNat=1 EnableLocalLAN=0 TunnelingMode=0 TCPTunnelingPort=10000 CertStore=0 CertName= CertPath= CertSubjectName SendCertChain=0 VerifyCertDN=CN=”ID Cert”,OU*”Cisco”,ISSUER-CN!=”Entrust”,ISSURE-OU!*”wonderland” DHGroup=2 PeerTimeOut=90 ForceNetLogin=

    Read the article

  • iproute2 premptive route creation, i think....

    - by Bryan Hunt
    Firstly: I know could do this the easy way with SSH but I want to learn how to route. I want to route packets back through the same tun0 interface from which they came into my system. I can do it for single routes. This works: sudo ip route add 74.52.23.120 metric 2 via 10.8.0.1 But i'd have to add them manually for each request that came down the pipe I've taken the blue pill and followed the http://lartc.org/howto/lartc.netfilter.html: Netfilter & iproute - marking packets tutorial But it's oriented towards redirecting OUTGOING packets based upon markers What I want is for a packet that comes in via tun0 not to be dropped which is what's happening right now, running scappy or suchlike to receive packets it doesn't seem to be receiving anything. Watching in wireshark I see the initial SYN packets coming in on the tun0 interface but that's as far as it gets without a static route as shown above. Am I nuts?

    Read the article

  • Tomato VPN connect but cannot ping LAN IP

    - by David Hamilton
    I've setup TomatoVPN using these settings on the server: TAP UDP 1194 Client address pool 10.10.9.1 -10.10.9.254 LAN clients are configured with 10.10.10.x I can connect from a remote client, but pinging anything in the 10.10.10.x results in a "Destination Host Unreachable" error. Here's my client configuration script: remote x.x.x.x 1194 client dev tap0 proto udp resolv-retry infinite nobind persist-key persist-tun float ca ca.crt cert client1.crt key client1.key ns-cert-type server Any suggestions as how I can make this properly bridge the two networks?

    Read the article

  • Domain: Netlogon event sequence

    - by Bob
    I'm getting really confused, reading tutorials from SAMBA howto, which is hell of a mess. Could you write step-by-step, what events happen upon NetLogon? Or in particular, I can't get these things: I really can't get the mechanism of action of LDAP and its role. Should I think of Active Directory LDS as of its superset? What're the other roles of AD and why this term is nearly a synonym of term "domain"? What's the role of LDAP in the remote login sequence? Does it store roaming user profiles? Does it store anything else? How it is called (are there any upper-level or lower-level services that use it in the course of NetLogon)? How do I join a domain. On the client machine I just use the Domain Controller admin credentials, but how do I prepare the Domain Controller for a new machine to join it. What's that deal of Machine trust accounts? How it is used? Suppose, I've just configured a machine to join a domain, created its machine trust, added its data to the domain controller. How would that machine find WINS server to query it for Domain Controller NetBIOS name? Does any computer name, ending with <1C type, correspond to domain controller? In what cases Kerberos and LM/NTLM are used for authentication? Where are password hashes stored in, say, Windows2000 domain controller? Right in the registry? What is SAM - is it a service, responsible for authentication and sending/storing those passwords and accompanying information, such as groups policies etc.? Who calls it? Does it use Active Directory? What's the role of NetBIOS except by name service? Can you exemplify a scenario of its usage as a "datagram distribution service for connectionless communication" or "session service for connection-oriented communication"? (quoted taken from http://en.wikipedia.org/wiki/NetBIOS_Frames_protocol description of NetBIOS roles) Thanks and sorry for many questions.

    Read the article

  • How do you determine if your domain isn't AD or ADAM?

    - by icurious
    I'm trying to get some authentication stuff set up in ASP MVC, but keep getting thrown errors about how it doesn't support anything but Active Directory (AD) and Active Directory Application Mode (ADAM). How can I figure out the actual running version of my LDAP provider? Is there some sort of command or query I can run against it? It's entirely possible it isn't AD or ADAM, but I have no idea how to figure that out.

    Read the article

  • Double password in Directory Server

    - by xain
    Hi, anybody knows how to implement a second password in an LDAP, so it's policies are different from the userPassword attribute ? The idea is to use it as a non-login password (for instance to "sign" a transaction). Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >