Search Results

Search found 8983 results on 360 pages for 'active attr'.

Page 40/360 | < Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >

  • CentOS 6.5 new Kernel not active after reboot

    - by Kristofer
    Today I was running some yum updates and wanted to verify that everything went through fine by making sure I had a new kernel. To my surprise I noticed that CentOS was still running 2.6.32-431.5.1.el6.x86_64 even though it looked as though 2.6.32-431.23.3.el6 was installed. Indeed 2.6.32-431.23.3.el6 shows up in /etc/grub.conf but not in the upstart boot options. Any ideas why? In the update log it says: ---> Package kernel-firmware.noarch 0:2.6.32-431.5.1.el6 will be updated ---> Package kernel-firmware.noarch 0:2.6.32-431.23.3.el6 will be an update Could this be the reason? What does "will be an update" mean? My /etc/grub.conf: # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/mapper/VolGroup00-root # initrd /initrd-[generic-]version.img #boot=/dev/vda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu password --encrypted $1$auui(i$sODM4ni/Zts9IlMWu.wWF/ title CentOS (2.6.32-431.23.3.el6.x86_64) root (hd0,0) kernel /vmlinuz-2.6.32-431.23.3.el6.x86_64 ro root=/dev/mapper/VolGroup00-root rd_NO_LUKS LANG=en_US.UTF-8 KEYBOARDTYPE=pc KEYTABLE=sv-latin1 rd_NO_MD rd_LVM_LV=VolGroup00/swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup00/root rd_NO_DM rhgb quiet rhgb quiet audit=1 initrd /initramfs-2.6.32-431.23.3.el6.x86_64.img title CentOS (2.6.32-431.5.1.el6.x86_64) root (hd0,0) kernel /vmlinuz-2.6.32-431.5.1.el6.x86_64 ro root=/dev/mapper/VolGroup00-root rd_NO_LUKS LANG=en_US.UTF-8 KEYBOARDTYPE=pc KEYTABLE=sv-latin1 rd_NO_MD rd_LVM_LV=VolGroup00/swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup00/root rd_NO_DM rhgb quiet rhgb quiet audit=1 initrd /initramfs-2.6.32-431.5.1.el6.x86_64.img title CentOS (2.6.32-431.el6.x86_64) root (hd0,0) kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=/dev/mapper/VolGroup00-root rd_NO_LUKS LANG=en_US.UTF-8 KEYBOARDTYPE=pc KEYTABLE=sv-latin1 rd_NO_MD rd_LVM_LV=VolGroup00/swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup00/root rd_NO_DM rhgb quiet rhgb quiet audit=1 initrd /initramfs-2.6.32-431.el6.x86_64.img

    Read the article

  • Active Directory management with low user rights

    - by DemonWareXT
    Our problem: The client, a normal user, has to be able to reset multiple passwords at once. Around 30 in one go. This would call for powershell or something along these lines, but for AD and Powershell one needs to be domain administrator. My solution would be to make a service that runs on the AD server and take connections from a program. The service would then do the AD changes. So far so good, I would just like to hear some other thoughts on this problem. Because I sure can't be the only one with it

    Read the article

  • Configure PL2303-based USB-to-RS232 adapter to stay awake when no active device is present

    - by casualuser
    I am resurrecting some X10 devices with the aid of a USB-to-RS232 adapter. The problem is, that the adapter only works with the Firecracker device when there is another serial device on the line (the Firecracker is a pass-through device that monitors the RTS and DTR lines to do its magic). Is the PL2303 going to sleep without a real device on the line? Is there an option or command to keep it awake? Is there a cable configuration that would make it work without a real serial device present?

    Read the article

  • printer assignments for windows xp workstations within an active directory environment

    - by another_netadmin
    I'm using the following script to handle removing any old networked printers from machines and then assigning the propper ones and making one of them the default. This script is assigned to the OU the workstations reside in and uses group policy loopback so all users that login will get the appropriate printers mapped for them. I tried to use the new Printer Manager as part of W2K3 R2 but when assigning the default this way I get an error that the printer doesn't exist so I'm back to using the script. One flaw that I'm noticing is that it won't remove any printers that happen to be mapped from an RDP session (we don't see this everywhere but there are a few locations). Is there any way to enumerate all RDP printers and remove them similar to how I'm enumerating and removing networked printers? ' ' Printers.vbs - Windows Logon Script. ' RemovePrinters AddPrinters Sub RemovePrinters() On Error Resume Next Dim strPrinter Set objNetwork = WScript.CreateObject("WScript.Network") Set colPrinters = objNetwork.EnumPrinterConnections For i = 0 to colPrinters.Count -1 Step 2 strPrinter=CStr(colPrinters.Item(i+1)) If Not InStr(strPrinter,"\\") = 0 Then objNetwork.RemovePrinterConnection strPrinter, True, True End If Next End Sub Sub AddPrinters() On Error GoTo 0 Set objNetwork = CreateObject("WScript.Network") objNetwork.AddWindowsPrinterConnection "\\printers1\JH120-DELL5310" objNetwork.SetDefaultPrinter "\\printers1\Jh120-DELL5310" End Sub

    Read the article

  • Synchronizing the SamAccountName Property using Windows Azure Active Directory Sync Tool

    - by pk.
    Using this official documentation as a guide, I would expect the SamAccountName property to sync from my on-premise AD to Office 365. I think that it used to do exactly that, but now it seems that it doesn't so much sync the attribute as it does create an entirely new, unlinked value and store it in Office 365. This has caused some minor issues for me (broken scripts, annoying permissions management, etc.) and may be part of a more major issue regarding ADFS authentication. On-Premise PS C:\Windows\system32> Get-ADUser jdoe -Properties SamAccountName | fl SamAccountName SamAccountName : jdoe Office 365 Sync'ed Objects PS C:\Windows\system32> Get-Mailbox jdoe | fl SamAccountName SamAccountName : $1A7H20-K1LCOJFFBHGS I understand how to work around this issue in my scripts -- there exists the ImmutableId property which can be mapped back to the on-premise GUID. As far as the issue I'm having with ADFS, I'm less certain how to proceed and if this is causing my issues. At this point I really would just like some verification that I'm not crazy and that this used to be sync'ed at some point in the past and that Office 365 broke it relatively recently. I also think that MS documentation should perhaps be updated to exclude SamAccountName from the list of synchronized properties on the page I linked.

    Read the article

  • SSH disconnects active session after 20 minutes

    - by Paramaeleon
    I’ve just set up a new Linux box (OpenSuSE 12.3 on VmWare). Now I stated that my SSH shell sessions are disconnected exactly after 20 minutes, clearly with activity. (Putty: “Network error: Software caused connection abort”) I already set Putty to send keep alives every 64 sec. In sshd_config, I set ClientAliveInterval 50 ClientAliveCountMax 2 and did a deamon reload. Didn’t help. About two minutes after the link breakdown, ssh reports to /var/log/messages: … … sshd[…]: Timeout, client not responding. … … sshd[…]: pam_unix(sshd:session): session closed for user root I don’t encounter this behaviour when connecting to other virtual machines, so I guess the problem isn’t in the network. Any help is appreciated.

    Read the article

  • Why "scope link" ipv6 address can be pinged via interfaces which they are not active on

    - by olagu
    [root@2_01 ~]# /sbin/ip -6 addr show pubeth0 inet6 2001:1::6/64 scope global inet6 2001:1::1/64 scope global inet6 fe80::20c:29ff:fe69:f9e8/64 scope link [root@v2_01 ~]# /sbin/ip -6 addr show pubeth1 inet6 fe80::20c:29ff:fe69:f906/64 scope link [root@2_01 ~]# ping6 fe80::20c:29ff:fe69:f9e8%pubeth1 PING fe80::20c:29ff:fe69:f9e8%pubeth1(fe80::20c:29ff:fe69:f9e8) 56 data bytes 64 bytes from fe80::20c:29ff:fe69:f9e8: icmp_seq=1 ttl=64 time=0.259 ms --- fe80::20c:29ff:fe69:f9e8%pubeth1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 286ms rtt min/avg/max/mdev = 0.259/0.259/0.259/0.000 ms [root@2_01 ~]# ping6 fe80::20c:29ff:fe69:f9e8%pubeth0 PING fe80::20c:29ff:fe69:f9e8%pubeth0(fe80::20c:29ff:fe69:f9e8) 56 data bytes 64 bytes from fe80::20c:29ff:fe69:f9e8: icmp_seq=1 ttl=64 time=0.057 ms --- fe80::20c:29ff:fe69:f9e8%pubeth0 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 390ms rtt min/avg/max/mdev = 0.057/0.057/0.057/0.000 ms Why can I ping6 "fe80::20c:29ff:fe69:f9e8" via pubeth1?

    Read the article

  • SSL Certificate only works when session active in Server 2008

    - by CodeMonkey1
    I have a web app that uses an installed certificate to send a web request to a 3rd party web service. This has worked for a long time on Windows Server 2003, but just recently we found a problem with it on 2008 installations. When logged into the server as the same user the App Pool uses, either locally or via remote desktop, the web app and it's secure 3rd party request works fine. However, when there are no user sessions open, the 3rd party request fails, as if the certificate were not attached to the web request. Any ideas?

    Read the article

  • iptables, forward traffic for ip not active on the host itself

    - by gucki
    I have kvm guest which's netword card is conntected to the host using a tap device. The tap device is part of a bridge on the host together with eth0 so it can access the public network. So far everything works, the guest can access the public network and it can be accessed from the public network. Now the kvm process on the host provides a vnc server for the guest which listens on 127.0.0.1:5901 on the host. Is there any way to make this vnc server accessible by the ip address which the guest is using (ex. 192.168.0.249), without interrupting the guest from using the same ip (port 5901 is not used by the guest)? It should also work when the guest is not using any ip address at all. So basically I just want to fake IP xx is on the host and only answer/ forward traffic to port 5901 to the host itself. I tried using this NAT rule on the host, but it doesn't work. Ip forwarding is enabled at the host. iptables -t nat -A PREROUTING -p tcp --dst 192.168.0.249 --dport 5901 -j DNAT --to-destination 127.0.0.1:5901 I assume this is because the IP 192.168.0.249 is not not bound to any interfaces and so no ARP requests for it get answered and so no packets for this IP arrive at the host. How can make it work? :)

    Read the article

  • PHP - ldap_search() filter. How to search for user

    - by cvack
    $_SERVER['REMOTE_USER'] returns the username of the user logged in to an Active Directory. I want to retrive this users info by using ldap_search(). This is what I have now: $ad = // ldap_connection id $filter = "(|(sn=$username*)(givenname=$username*))"; $attr = array("displayname", "mail", "mobile", "homephone", "telephonenumber", "streetaddress", "postalcode", "physicaldeliveryofficename", "l"); $dn = // OU, DC etc.. ldap_search($ad,$dn,$filter,$attr); It works, but i'm not sure it will work if two users have almost the same names. How do I only search for their unique username so that i always only get one user?

    Read the article

  • Windows Azure Directory Sync Generic Failure

    - by Armand
    Ok so I have a domain that I want to sync to Office365 but when I start the Windows Azure Active Directory Sync tool Configuration Wizard I get an error with the following details: System.Management.ManagementException: Generic failure at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() at Microsoft.Online.DirSync.Common.MiisAction.GetTargetMA() at Microsoft.Online.DirSync.Common.MiisAction.IsSyncInProgress() at Microsoft.Online.DirSync.Common.PrerequisiteChecks.ThrowIfSyncInProgress() at Microsoft.Online.DirSync.UI.IntroductionWizardPage.PrerequisiteValidation() at Microsoft.Online.DirSync.UI.IntroductionWizardPage.OnLoad(EventArgs e) at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl() at System.Windows.Forms.Control.WmShowWindow(Message& m) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) I have searched far and wide to no avail, this happens before I can even enter any details. A few notes: The server is not the domain controller Sharepoint 2013 is installed on this server The account I log in with and run the application with is a domain and enterprise admin I right click and run as administrator when I start the application So when I click continue on the error and go through the steps I get two possible scenarios that change from time to time at now predictable rate: 1) I just get an error, generic failure. 2) I get an error "Cannot start service MSOnlineSyncScheduler on computer '.'." Any help?

    Read the article

  • Domain Trust Issues When Setting Up TFS 2010 on Windows Server 2008 R2

    - by Chris Reynolds
    I am trying to setup Team Foundation Server 2010 on Windows Server 2008 R2 using a single server configuration. During the "Readiness Checks" phase of the configuration wizard, I am facing an issue that i preventing me from communicating with the domain controller (which is Windows Server 2000). [ System Checks ] TF255435: This computer is a member of an Active Directory domain, but the domain controllers are not accessible. Network problems might be preventing access to the domain. Verify that the network is operational, and then retry the readiness checks. Other options include configuring Team Foundation Server specifying a local account in the custom wizard or joining the computer to a workgroup. http://go.microsoft.com/fwlink/?LinkID=164053&clcid=0x409 After reading the log file, the main issue I am encountering appears to be: The trust relationship between this workstation and the primary domain failed. (type SystemException) I have read in several other locations that the solution to this issue is to: Leave the domain Restart Join a workgroup Restart Rejoin the domain Unfortunately, I have tried this several times now and the issue persists. Is there anything I can try on the either the client machine or the domain controller that may help solve my issue?

    Read the article

  • Squid 2.7 Stable 8 on Windows 2008

    - by Sadish
    Hi all, I have a Windows 2008 SP2 Active Directory Domain, which has clients of Vista, Win 2000 XP and Windows 7 as members. I installed Squid 2.7 Stable 8 on Windows 2008 SP2 trying to configure NTLM based authentication when surfing Internet. Basically have defined 2 groups for internet allow and deny based on authorization Internet access is allowed. But after trying for over 3 weeks, seems that the authentication does not happen. The browser keeps on asking for user name & password. I would like to know if there is any solution for this. I’m totally frustrated and unable to move forward. My configuration as below from the modifying the default squid.conf Line 292 auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe auth_param ntlm children 5 Line 626 acl localnet proxy_auth REQUIRED src 10.0.0.1/255 acl InetAllow external win_domain_group InternetUsers acl InetDeny external win_domain_group InternetDenyGroup http_access allow InetAllow http_access deny InetDeny Comment any "acl localnet src" Line 294 external_acl_type win_domain_group ttl=120 %LOGIN c:/squid/libexec/mswin_check_lm_group.exe –G My Windows 2008 server is running on 192.168.0.203 and clients are of subnet 10.0.0.x for which I need authentication. Pls help !!!

    Read the article

  • error reading keytab file krb5.keytab

    - by Banjer
    I've noticed these kerberos keytab error messages on both SLES 11.2 and CentOS 6.3: sshd[31442]: pam_krb5[31442]: error reading keytab 'FILE: / etc/ krb5. keytab' /etc/krb5.keytab does not exist on our hosts, and from what I understand of the keytab file, we don't need it. Per this kerberos keytab introduction: A keytab is a file containing pairs of Kerberos principals and encrypted keys (these are derived from the Kerberos password). You can use this file to log into Kerberos without being prompted for a password. The most common personal use of keytab files is to allow scripts to authenticate to Kerberos without human interaction, or store a password in a plaintext file. This sounds like something we do not need and is perhaps better security-wise to not have it. How can I keep this error from popping up in our system logs? Here is my krb5.conf if its useful: banjer@myhost:~> cat /etc/krb5.conf # This file managed by Puppet # [libdefaults] default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC default_realm = FOO.EXAMPLE.COM dns_lookup_kdc = true clockskew = 300 [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false banner = "Enter your current" } Let me know if you need to see any other configs. Thanks. EDIT This message shows up in /var/log/secure whenever a non-root user logs in via SSH or the console. It seems to only occur with password-based authentication. If I do a key-based ssh to a server, I don't see the error. If I log in with root, I do not see the error. Our Linux servers authenticate against Active Directory, so its a hearty mix of PAM, samba, kerberos, and winbind that is used to authenticate a user.

    Read the article

  • best practice to removing DC from Site that no longer connects via vpn in another city

    - by dasko
    hi i am looking for a recap of what i have done already to see if i missed anything. i had two cities connected by wan using a ipsec persistent tunnel between gateways. i had one DC (DOMAIN CONTROLLER) in each city that was a global catalog server (GC) they were set up to replicate and i had them configured under Sites and Servers with their own subnet etc... about 6 months ago the one city was removed and i was not able to gracefully remove, through dcpromo, the server that was there. it is no longer used and cannot be brought back. the company went from two sites down to single site. Problem is i had a whole bunch of kcc errors and replication bugs in the event viewer. i wanted to clean up my active directory and decided to use the ntdsutil metadata cleanup commands. i removed the server from the specifed site based on a procedure from petri website. I then removed the instances of the old DC and site from Sites and Servers. Then i went and cleaned up the DNS by removing Host A records, NS server name from both the local DNS forward lookup zone and the _msdcs i also removed the reverse lookup zone for the subnet that no longer exists. is there anything i missed? thanks in advance for any help. gd

    Read the article

  • How does cross domain authentication work in a firewalled environment?

    - by LVLAaron
    This is a simplification and the names have been changed to protect the innocent. The assets: Active Directory Domains corp.lan saas.lan User accounts [email protected] [email protected] Servers dc.corp.lan (domain controller) dc.saas.lan (domain controller) server.saas.lan A one way trust exists between the domains so user accounts in corp.lan and log into servers in saas.lan No firewall between dc.corp.lan and dc.saas.lan server.saas.lan is in a firewalled zone and a set of rules exist so it can talk to dc.saas.lan I can log into server.saas.lan with [email protected] - But I don't understand how it works. If I watch firewall logs, I see a bunch of login chatter between server.saas.lan and dc.saas.lan I also see a bunch of DROPPED chatter between server.saas.lan and dc.corp.lan. Presumably, this is because server.saas.lan is trying to authenticate [email protected] But no firewall rule exists that allows communication between these hosts. However, [email protected] can log in successfully to server.saas.lan - Once logged in, I can "echo %logonserver%" and get \dc.corp.lan. So.... I am a little confused how the account actually gets authenticated. Does dc.saas.lan eventually talk to dc.corp.lan after server.saas.lan can't talk to dc.corp.lan? Just trying to figure out what needs to be changed/fixed/altered.

    Read the article

  • Missing Home Folder XP Clients 2008R2 Domain

    - by minamhere
    We just completed a migration from Server 2003 to Server 2008R2. Everything seems to have gone well except that many of our desktops have stopped mapping the Home Folder as set in Active Directory. Other mappings that are defined on individual clients are mapping just fine, these mappings are all on the same file server as the failing Home Folders. Half of the users are on 1 file server and half are on another. Users from both servers are having this problem. I have enabled the Group Policy setting to "Wait for network before logging in". I enabled the policy to "Run Logon Scripts synchronously". There are no errors on the Domain Controller or either File Server. When I enabled Group Policy Preferences as an attempted workaround, I get this error: The user 'V:' preference item in the '<Policy Name>' Group Policy object did not apply because it failed with error code '0x800708ca This network connection does not exist.' This error was suppressed. This seems to indicate that the network connection is not ready by the time Group Policy is processed. But isn't this the point of the "Wait before logging in" and "Run Logon scripts synchronously" settings? Some other background facts: The new Server 2008R2 installation is a Virtual Machine. It is on a new Subnet in a different building from the old server. DNS and DHCP were also migrated from the old DC to this new DC. These Home Folders were all working properly before the migration. Are there new security restrictions/policies in Server 2008R2 that might be causing this? Is there a way to check whether I have an underlying network connectivity issue? Maybe moving the server to the new building is causing a delay/timeout? Any thoughts or ideas on what could be causing this or how I can resolve this? Thanks.

    Read the article

  • Windows AD DNS: Event ID 5504

    - by Chris_K
    Two of my AD controllers (both running DNS service) appear to be having a similar issue. Both are throwing lots of events in the DNS events that look like this: Event Type: Information Event Source: DNS Event Category: None Event ID: 5504 Date: 5/24/2010 Time: 11:51:38 AM User: N/A Computer: ALPHA Description: The DNS server encountered an invalid domain name in a packet from 76.74.137.6. The packet will be rejected. The event data contains the DNS packet. That will come with the same event, same time, with a packet from 76.74.137.7 as well. I know this is "Information" not an error, but since it is new and different it bothers me (yes, I fear unexplained change!) Both machines are running Windows 2003 R2 SP2. The DNS servers are not exposed to the internet. Both DNS servers are configured to use OpenDNS for Forwarders. For both servers, this started about a week ago. Any thoughts on: 1) should I be concerned? 2) how can I stop/fix this? To keep it interesting, I have a 3rd AD / DNS box. Same domain, different Active Directory site. Same forwarders, yet doesn't have this issue.

    Read the article

  • Error 53 - The network path was not found.

    - by Jack
    I have a machine in my Active Directory Domain that I can no longer "net view" from other machines in the domain. This is a Windows XP Pro machine. It is hosting a VMWare virtual of my Domain Controller. If I attempt to net view [machine name] I get system error 53, The network path was not found. This is not a DNS issue, the same thing happens with the machine's IP. I don't think it's a firewall issue, I turned the firewall off on this machine. As I mentioned, it has worked in the past, and then stopped for no reason that I can see. I (intentionally) didn't change the software. I CAN get to the VMs hosted on this machine, can connect to their shares, net view them, etc. All other machines can see each other. In fact, the problem machine can see other machines and access their shares just fine. I tried removing the machine from the domain and re-adding it. I tried deleting the shares and recreating them. Not sure how to troubleshoot this any further. Any ideas?

    Read the article

  • Group Policy installation failed error 1274

    - by David Thomas Garcia
    I'm trying to deploy an MSI via the Group Policy in Active Directory. But these are the errors I'm getting in the System event log after logging in: The assignment of application XStandard from policy install failed. The error was : %%1274 The removal of the assignment of application XStandard from policy install failed. The error was : %%2 Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274 The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance. When I reboot and log in again I simply get the same messages about needing to perform the update before the next logon. I'm on a Windows Vista 32-bit laptop. I'm rather new to deploying via group policy so what other information would be helpful in determining the issue? I tried a different MSI with the same results. I'm able to install the MSI using the command line and msiexec when logged into the computer, so I know the MSI is working ok at least.

    Read the article

  • Windows clients unable to access Samba share on AD joined Linux box every 7 days

    - by Hassle2
    The problem: Every 7 days, 2 Windows Servers are unable to access a SMB/CIFS share. It will start working after a handful of hours. The environment: OpenFiler Linux box joined to 2003 AD Domain Foreground app on Win2003 server access the SMB/CIFS share with windows credentials Another process on Win2008 access the share via SQL Server with windows credentials The Samba version on the Linux box is 3.4.5. Security is set to ADS wbinfo and getent return back expected users and groups Does not look to be a double hop issue as it's always the 2 accounts, regardless of the calling user. There is a DNS entry in both forward and reverse lookup zone for the linux box The linux box's computer object in active directory shows that it was modified around/at the same time that the two clients started failing to access the share Trying to access the share via IP works when by name does not Rebooting the Windows server takes care of it (it's production and only restarted it once) Restarting smbd, winbind, nmbd had no effect Error in samba log for the client in question: smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! The Question: Does this look like the machine account password is changing (hence the AD object showing the updated modified date) or are the two windows clients unable to request a new ticket that works against this linux box?

    Read the article

  • Single Sign On for intranet with Apache and Linux MIT Kerberos

    - by Beerdude26
    Greetings, I am looking for a way to do a single sign on to an intranet in the following manner: A Linux user logs on via a graphical frontend (for example, GNOME). He automatically requests a TGT for his username from the MIT Kerberos KDC. Via some way or another, the Apache server (which we'll assume is on the same server as the KDC), is informed that this user has logged in. When the user accesses the intranet, he is automatically granted access to his web applications. I don't think I've seen this kind of functionality while searching the net. I know the following possibilities exist: Using an authentication module such as mod_auth_kerb, a user is presented with a login prompt to enter his username and password, which are then authenticated against the MIT Kerberos server. (I would like this to be automatic.) IIS supports integrated Windows logon via ASP.Net when the user is part of an Active Directory. (I'm looking for the Linux / Apache equivalent.) Any suggestions, criticism and ideas are highly appreciated. This is for a school project to show a proof-of-concept, so every handy piece of information is more than welcome. :)

    Read the article

< Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >