Search Results

Search found 1466 results on 59 pages for 'authenticate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 41/59 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • How does cross domain authentication work in a firewalled environment?

    - by LVLAaron
    This is a simplification and the names have been changed to protect the innocent. The assets: Active Directory Domains corp.lan saas.lan User accounts [email protected] [email protected] Servers dc.corp.lan (domain controller) dc.saas.lan (domain controller) server.saas.lan A one way trust exists between the domains so user accounts in corp.lan and log into servers in saas.lan No firewall between dc.corp.lan and dc.saas.lan server.saas.lan is in a firewalled zone and a set of rules exist so it can talk to dc.saas.lan I can log into server.saas.lan with [email protected] - But I don't understand how it works. If I watch firewall logs, I see a bunch of login chatter between server.saas.lan and dc.saas.lan I also see a bunch of DROPPED chatter between server.saas.lan and dc.corp.lan. Presumably, this is because server.saas.lan is trying to authenticate [email protected] But no firewall rule exists that allows communication between these hosts. However, [email protected] can log in successfully to server.saas.lan - Once logged in, I can "echo %logonserver%" and get \dc.corp.lan. So.... I am a little confused how the account actually gets authenticated. Does dc.saas.lan eventually talk to dc.corp.lan after server.saas.lan can't talk to dc.corp.lan? Just trying to figure out what needs to be changed/fixed/altered.

    Read the article

  • iPod touch has extremely slow wifi, drops packets - only on my router

    - by mskfisher
    I just purchased an iPod Touch. I am having a lot of trouble with its speeds on my Tenda W311R, but it has no speed problems on my neighbor's Netgear router. It will connect and authenticate to my network, but the Speed Test app from speedtest.net shows rates near 20-50 kbps. If I run the speed test immediately after powering the iPod on, it will get speeds of 10-20 Mbps, like it should - but the speeds slow down to the kbps range abut 10-15 seconds afterward. I get the same behavior with encryption and without encryption, and regardless of N, G, or B compatibility settings in the router. I've tried rebooting the iPod and resetting the network settings, but it's still slow. I've tried pinging the iPod from another computer, and it shows about 40% packet loss: $ ping 192.168.0.111 PING 192.168.0.111 (192.168.0.111): 56 data bytes 64 bytes from 192.168.0.111: icmp_seq=0 ttl=64 time=14.188 ms 64 bytes from 192.168.0.111: icmp_seq=1 ttl=64 time=11.556 ms 64 bytes from 192.168.0.111: icmp_seq=2 ttl=64 time=5.675 ms 64 bytes from 192.168.0.111: icmp_seq=3 ttl=64 time=5.721 ms Request timeout for icmp_seq 4 64 bytes from 192.168.0.111: icmp_seq=5 ttl=64 time=6.491 ms Request timeout for icmp_seq 6 64 bytes from 192.168.0.111: icmp_seq=7 ttl=64 time=8.065 ms Request timeout for icmp_seq 8 Request timeout for icmp_seq 9 Request timeout for icmp_seq 10 64 bytes from 192.168.0.111: icmp_seq=11 ttl=64 time=9.605 ms Signal strength is good - I'm never more than 20 feet from my access point, and it exhibits the same behavior if I'm standing next to the router. It works just well enough to receive text, but videos don't work at all. App downloads are hit and miss. I've tweaked just about all of the settings I can see to tweak, and I'm at a loss. I have also been searching Google for the past three days, all to no avail. Any suggestions?

    Read the article

  • Is there a simple LDAP-to-HTTP gateway out there?

    - by larsks
    We have a local LDAP directory that provides basic contact information about our user community. We would like to integrate this into some third-party hosted services that allow us to implement widgets that run arbitrary Javascript. In order to connect Javascript to our LDAP directory, I would like to set up a simple LDAP-to-HTTP proxy that would accept HTTP GET requests, translate them into an appropriate LDAP query, and respond with directory information as JSON-encoded data. In an ideal world, something like this: GET /[email protected] Would get me something like this: { "cn": "Bob Person", "title": "System Administrator", "sn": "Person", "mail": "[email protected]", "telepehoneNumber": "617-555-1212", "givenName": "Bob" } (And this obviously assumes that the web application has locally configured information about what base DN to use, how to authenticate, etc). I guess I could write one...but surely something like this already exists? UPDATE The consensus seems to be that there isn't a pre-existing solution out there and that I should just get off my lazy derriere and write one. So I did, and it's here. It's not especially pretty, but it works for my prototyping and I figure maybe someone else will find it useful someday.

    Read the article

  • Inter-vlan routing issues

    - by DKNUCKLES
    I've been brought in to help administer a network and I've run into an issue - I'm not sure why this one is beyond me, however I figure an extra set of eyes on the problem may help resolve the issue. I have an HP MSM720 controller and at the time I'm trying to set up a basic hotspot set up with access points. For the time being I'm just looking to have people authenticate with a PSK and access the internet and other resources (namely printers) on other vlans. The user authenticates and the DHCP server on the controller gives them a 192.168.1.0/24 address. They are able to successfully browse the internet and ping machines on other networks, however they are unable to print to network printers that sit on the same LANs as the very computers that wireless clients can ping. The (extremely simplified) topology is as follows Computers on the wireless 192.168.1.1 network are able to ping computers on the 192.168.0.0 network, however cannot ping or print to the printers on the same network. I'm baffled and I have no idea why this is the case. Can anyone shed some light on this for me? Can someone spot the error of my configuration? EDIT : It should be noted that for whatever reason other computers on the 10.0.100.0/24 network cannot even ping the gateway of the Wireless Access network (192.168.1.1) - I'm not sure if this is relevant. These are the VLANS listed on the controller.

    Read the article

  • hMail server - sending copy of an e-mail changing the sender

    - by Beggycev
    Dear All please help me with following request. I am using hMail server in a company(test.com) and have several hundred of guest e-mail accounts ([email protected]). I need to accomplish this: When any of the guest e-mails receives a message(either from internal or external sender) this e-mail(or its copy) is sent to another address "[email protected]" which is the same for all of these guest e-mails. But I need the sender to be identified as the [email protected] not as the original sender which happens when I use forwarding. I tried to prepare a simple VBS script using the OnAcceptMessage event to accomplish this. and it works on my testing machine without internet connectivity but not in the production environment. To be specific, if I send an e-mail to [email protected] in my test env it is delivered to the [email protected] with [email protected] being a sender. But in the production env the e-mail stays in the guest mailbox with the original sender. I am interested in any solution, using a rule in hMail or script, anything is welcome. Thank you for any help! The script: Sub OnAcceptMessage(oClient, oMessage) 'creating application object in order to perform operations as hMail server administrator Dim obApp Set obApp = CreateObject("hMailServer.Application") Dim adminLogin Dim adminPassword 'Enter actual values for administrator account and password 'CHANGE HERE: adminLogin = "Admin_login" adminPassword = "password" Call obApp.Authenticate(adminLogin, adminPassword) Dim addrStart 'Take first 5 characters of recipients address addrStart = Mid(oMessage.To, 1, 5) 'if the recipient's address start with "guest" if addrStart = "guest" then Dim recipient Dim recipientAddress 'enter name of the recipient and respective e-mail address() 'CHANGE HERE: recipient = "FINAL" recipientAddress = "[email protected]" 'change the sender and sender e-mail address to the guest oMessage.FromAddress = oMessage.To oMessage.From = oMessage.To & "<" & oMessage.To & ">" 'delete recipients and enter a new one - the actual mps and its e-mail from the variables set above oMessage.ClearRecipients() oMessage.AddRecipient recipient, recipientAddress 'save the e-mail oMessage.save end if End Sub

    Read the article

  • Can one config LDAP to accept auth from ssh-agent instead of from Kerberos?

    - by Alex North-Keys
    [This question is not about getting your LDAP password to authenticate you for SSH logins. We have that working just fine, thank you :-) ] Let's suppose you're on a Linux network (Ubuntu 11.10, slapd 2.4.23), and you need to write a set of utilities that will use ldapmodify, ldapadd, ldapdelete, and so on. You don't have Kerberos, and don't want to deal with its timeouts (most users don't know how to get around this), quirks, etc. This resolves the question to one of where else to get credentials to feed to LDAP, probably through GSSAPI - which technically doesn't require Kerberos despite its dominance there - or something like it. However, nearly everyone seems to have an SSH agent program, complete with its key cache. I'd really like an ssh-add to be sufficient to allow passwordless LDAP command use. Does anyone know of a project working on using the SSH agent as the source of authentication to LDAP? It might be through an ssh-aware GSSAPI layer, or some other trick I haven't thought of. But it would be wonderful for making LDAP effortless. Assuming I haven't just utterly missed a way to use ldapmodify and kin without having to type my LDAP passwords - using -x is NOT acceptable. At my site, the LDAP server only accepts ldaps connections, and requires authentication for modifying operations. Those are requirements, of course. Any ideas would be greatly appreciated. :-)

    Read the article

  • current_user and Comments on Posts - Create another association or loop posts? - Ruby on Rails

    - by bgadoci
    I have created a blog application using Ruby on Rails and have just added an authentication piece and it is working nicely. I am now trying to go back through my application to adjust the code such that it only shows information that is associated with a certain user. Currently, Users has_many :posts and Posts has_many :comments. When a post is created I am successfully inserting the user_id into the post table. Additionally I am successfully only displaying the posts that belong to a certain user upon their login in the /views/posts/index.html.erb view. My problem is with the comments. For instance on the home page, when logged in, a user will see only posts that they have written, but comments from all users on all posts. Which is not what I want and need some direction in correcting. I want only to display the comments written on all of the logged in users posts. Do I need to create associations such that comments also belong to user? Or is there a way to adjust my code to simply loop through post to display this data. I have put the code for the PostsController, CommentsController, and /posts/index.html.erb below and also my view code but will post more if needed. class PostsController < ApplicationController before_filter :authenticate auto_complete_for :tag, :tag_name auto_complete_for :ugtag, :ugctag_name def index @tag_counts = Tag.count(:group => :tag_name, :order => 'count_all DESC', :limit => 20) conditions, joins = {}, :votes @ugtag_counts = Ugtag.count(:group => :ugctag_name, :order => 'count_all DESC', :limit => 20) conditions, joins = {}, :votes @vote_counts = Vote.count(:group => :post_title, :order => 'count_all DESC', :limit => 20) conditions, joins = {}, :votes unless(params[:tag_name] || "").empty? conditions = ["tags.tag_name = ? ", params[:tag_name]] joins = [:tags, :votes] end @posts= current_user.posts.paginate( :select => "posts.*, count(*) as vote_total", :joins => joins, :conditions=> conditions, :group => "votes.post_id, posts.id ", :order => "created_at DESC", :page => params[:page], :per_page => 5) @popular_posts=Post.paginate( :select => "posts.*, count(*) as vote_total", :joins => joins, :conditions=> conditions, :group => "votes.post_id, posts.id", :order => "vote_total DESC", :page => params[:page], :per_page => 3) respond_to do |format| format.html # index.html.erb format.xml { render :xml => @posts } format.json { render :json => @posts } format.atom end end def show @post = Post.find(params[:id]) respond_to do |format| format.html # show.html.erb format.xml { render :xml => @post } end end def new @post = Post.new respond_to do |format| format.html # new.html.erb format.xml { render :xml => @post } end end def edit @post = Post.find(params[:id]) end def create @post = current_user.posts.create(params[:post]) respond_to do |format| if @post.save flash[:notice] = 'Post was successfully created.' format.html { redirect_to(@post) } format.xml { render :xml => @post, :status => :created, :location => @post } else format.html { render :action => "new" } format.xml { render :xml => @post.errors, :status => :unprocessable_entity } end end end def update @post = Post.find(params[:id]) respond_to do |format| if @post.update_attributes(params[:post]) flash[:notice] = 'Post was successfully updated.' format.html { redirect_to(@post) } format.xml { head :ok } else format.html { render :action => "edit" } format.xml { render :xml => @post.errors, :status => :unprocessable_entity } end end end def destroy @post = Post.find(params[:id]) @post.destroy respond_to do |format| format.html { redirect_to(posts_url) } format.xml { head :ok } end end end CommentsController class CommentsController < ApplicationController before_filter :authenticate, :except => [:show, :create] def index @comments = Comment.find(:all, :include => :post, :order => "created_at DESC").paginate :page => params[:page], :per_page => 5 respond_to do |format| format.html # index.html.erb format.xml { render :xml => @comments } format.json { render :json => @comments } format.atom end end def show @comment = Comment.find(params[:id]) respond_to do |format| format.html # show.html.erb format.xml { render :xml => @comment } end end # GET /posts/new # GET /posts/new.xml # GET /posts/1/edit def edit @comment = Comment.find(params[:id]) end def update @comment = Comment.find(params[:id]) respond_to do |format| if @comment.update_attributes(params[:comment]) flash[:notice] = 'Comment was successfully updated.' format.html { redirect_to(@comment) } format.xml { head :ok } else format.html { render :action => "edit" } format.xml { render :xml => @comment.errors, :status => :unprocessable_entity } end end end def create @post = Post.find(params[:post_id]) @comment = @post.comments.build(params[:comment]) respond_to do |format| if @comment.save flash[:notice] = "Thanks for adding this comment" format.html { redirect_to @post } format.js else flash[:notice] = "Make sure you include your name and a valid email address" format.html { redirect_to @post } end end end def destroy @comment = Comment.find(params[:id]) @comment.destroy respond_to do |format| format.html { redirect_to Post.find(params[:post_id]) } format.js end end end View Code for Comments <% Comment.find(:all, :order => 'created_at DESC', :limit => 3).each do |comment| -%> <div id="side-bar-comments"> <p> <div class="small"><%=h comment.name %> commented on:</div> <div class="dark-grey"><%= link_to h(comment.post.title), comment.post %><br/></div> <i><%=h truncate(comment.body, :length => 100) %></i><br/> <div class="small"><i> <%= time_ago_in_words(comment.created_at) %> ago</i></div> </p> </div> <% end -%>

    Read the article

  • Java exception when the traffic grow up

    - by sahid
    I have an error with java/solr when the traffic grows up. It seems Solr tries to cast a java.lang.Object to a org.apache.solr.common.util.ConcurrentLRUCache$CacheEntry SEVERE: java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Lorg.apache.solr.common.util.ConcurrentLRUCache$CacheEntry; at org.apache.solr.common.util.ConcurrentLRUCache$PQueue.myInsertWithOverflow(ConcurrentLRUCache.java:377) at org.apache.solr.common.util.ConcurrentLRUCache.markAndSweep(ConcurrentLRUCache.java:329) at org.apache.solr.common.util.ConcurrentLRUCache.put(ConcurrentLRUCache.java:144) at org.apache.solr.search.FastLRUCache.put(FastLRUCache.java:131) at org.apache.solr.search.SolrIndexSearcher.getDocSet(SolrIndexSearcher.java:573) at org.apache.solr.search.SolrIndexSearcher.getDocSet(SolrIndexSearcher.java:641) at org.apache.solr.search.SolrIndexSearcher.getDocListNC(SolrIndexSearcher.java:1109) at org.apache.solr.search.SolrIndexSearcher.getDocListC(SolrIndexSearcher.java:1090) at org.apache.solr.search.SolrIndexSearcher.search(SolrIndexSearcher.java:337) at org.apache.solr.handler.component.QueryComponent.process(QueryComponent.java:431) at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:231) at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:129) at org.apache.solr.core.SolrCore.execute(SolrCore.java:1298) at org.apache.solr.servlet.SolrDispatchFilter.execute(SolrDispatchFilter.java:340) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:240) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:636) This is my java configuration for tomcat JAVA_OPTS="-Djava.awt.headless=true -D64 -server -Xms4096M -Xmx4096M -XX:+UseConcMarkSweepGC -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5400 -Dcom.sun.management.jmxremote.ss\ l=false -Dcom.sun.management.jmxremote.authenticate=false" Somebody know why these errors happen ?

    Read the article

  • IIS 7 rewriting subdomain to point at a specific port

    - by Tommy Jakobsen
    Having installed Team Foundation Server 2010 on Windows Server 2008, I need an easy URL for our developers to access their repositories. The default URL for the TFS repositories is http://localhost:8080/tfs Now I want the subdomain domain tfs.server.domain.com to point at http://localhost:8080/tfs. And when you access tfs.server.domain.com/repos_name it should redirect to http://localhost:8080/tfs/repos_name. How can I do this in IIS7? I already tried using the following rule, but it does not work. I get a 404. <rewrite> <globalRules> <rule name="TFS" stopProcessing="true"> <match url="^(?:tfs/)?(.*)" /> <conditions> <add input="{HTTP_HOST}" pattern="^tfs.server.domain.com$" /> </conditions> <action type="Rewrite" url="http://localhost:8080/tfs/{R:1}" /> </rule> </globalRules> </rewrite> EDIT I actually got this working by adding a binding for the site on port 80 with host name tfs.server.domain.com. But using tfs.server.domain.com, I can't authenticate using Windows Authentication. Is there something that I need to configure for Windows Authentication? You can see a trace here: http://pastebin.com/k0QrnL0m

    Read the article

  • Does WebDAV even work on IIS 7? I say nay

    - by FlavorScape
    I've tried every configuration from the top 10 stack overflow and server fault results for WebDAV 405 on IIS (for verb PROPFIND and PUT). I'm running server 2008 SP2. Followed all the instructions here. I'm no stranger to configuring servers. This has gotten nowhere after 8 hours. Confirmed system.webserver in applicationhost.config: <add name="WebDAV" path="*" verb="PROPFIND,PROPPATCH,MKCOL,PUT,COPY,DELETE,MOVE,LOCK,UNLOCK" modules="WebDAVModule" resourceType="Unspecified" requireAccess="None" /> Port 443 with basic auth, same issue. Tried port 80 with windows auth. Broken. (405) Windows authentication. Check. Added authoring rules for default site and application. Check. Not the firewall. Check. added "Desktop Experience" role feature Tried HTTPS with Basic Authentication on port 443. Does not work. No other services are running like Sharepoint. Check. confirmed user has read/write NT level permissions for the folder/virtual dir tried net use * http://localhost /user:MYDOMAIN\me myPass get error 1920, if I don't authenticate I get error 67 confirmed I'm not applying filtering to WebDAV: <requestFiltering> <fileExtensions applyToWebDAV="false" /> <verbs applyToWebDAV="false" /> <hiddenSegments applyToWebDAV="false" /> 405 - HTTP verb used to access this page is not allowed. The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access. SHOULD I JUST GIVE UP? Other questions that helped none: 405 - ‘Method not Allowed’ adding service hosted in IIS7 webdav on iis7.5 - simply cannot make it work http://studentguru.gr/b/kingherc/archive/2009/11/21/webdav-for-iis-7-on-windows-server-2008-r2.aspx

    Read the article

  • Squid - Active Directory - permissions based on Nodes rather than Groups

    - by Genboy
    Hi, I have squid running on a gateway machine & I am trying to integrate it with Active Directory for authentication & also for giving different browsing permissions for different users. 1) /usr/lib/squid/ldap_auth -b OU=my,DC=company,DC=com -h ldapserver -f sAMAccountName=%s -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w mypwd 2) /usr/lib/squid/squid_ldap_group -b "OU=my,DC=company,DC=com" -f "(&(sAMAccountName=%u)(memberOf=cn=%g,cn=users,dc=company,dc=com))" -h ldapserver -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w zxcv Using the first command above, I am able to authenticate users. Using the second command above, I am able to figure out if a user belongs to a particular active directory group. So I should be able to set ACL's based on groups. However, my customer's AD setup is such that he has users arranged in different Nodes. For eg. He has users setup in the following way cn=usr1,ou=Lev1,ou=Users,ou=my,ou=company,ou=com cn=usr2,ou=Lev2,ou=Users,ou=my,ou=company,ou=com cn=usr3,ou=Lev3,ou=Users,ou=my,ou=company,ou=com etc. So, he wants that I have different permissions based on whether a user belongs to Lev1 or Lev2 or Lev3 nodes. Note that these aren't groups, but nodes. Is there a way to do this with squid? My squid is running on a debian machine.

    Read the article

  • How can I "share" a network share over the internet to multiple operating systems?

    - by Minsc
    Hello all, We have a network share accessible through our intranet that is widely used. This share has it's own set of fine tuned permissions. I have been tasked with allowing A.D. authenticated access to this share over the internet without the use of VPN. The internet access has to mimic the NTSF permissions in place on the share. Another piece of the puzzle is that the access over the internet has to allow perusal of the share from Windows and Mac OS systems. I had envisioned a web front end that would facilitate downloading to and uploading from the share via a web browser. I'm trying to ask for some suggestions about what type of setup is necessary to achieve this. I've done loads of testing and searching for solutions but I can't seem to get anything to work as I hope. The web server that will be handing all of this is a Windows 2K8 box with IIS 7. How can I allow the users to authenticate against Active Directory when coming from the internet even when coming from a Mac system? I hope my question is not too broad, I'm sorry if I should have broken it up into multiple questions. It all is just tied together in my head. Thank you all for your time and aid.

    Read the article

  • Joining Samba to Active Directory with local user authentication

    - by Ansel Pol
    I apologise that this is somewhat incoherent, but hopefully someone will be able to make enough sense of this to understand what I'm trying to achieve and provide pointers. I have a machine with two network interfaces connected to two different networks (one of which it's providing several other services for, such as DNS), running two separate instances of Samba, one bound to each interface. One of the instances is just a workgroup-style setup using share-level authentication, which is all working fine. The problem is that I'm looking to join the other instance to an MS Active Directory domain (provided by MS Windows Small Business Server 2003) to enable a subset of the domain users to access the shares from Windows machines on the other network. The users who need access from the domain environment have accounts (whose names are all-lowercase versions of their domain usernames) on the machine running Samba, but I'm not sure about how to map the UIDs and everything I've read concerns authenticating accounts on that machine against either AD or another LDAP server. To clarify: I only want the credentials for AD users accessing the non-workgroup Samba instance to be authenticated against AD, not the accounts on the machine running Samba. I hope this is sufficiently clear. EDIT: In addition to being able to access the Samba shares from AD, I do also need to be able to access a share on the domain from the machine running Samba but would still like everything non-Samba-related to authenticate locally.

    Read the article

  • Remote desktop solution where the desktop sharing party contacts the computer it wants to share with

    - by Kent
    I'm in a situation where I act as a sort of techinical support to my family and less techinically experienced friends. I'm looking for a remote desktop solution where it's possible to setup a "zero-install, double click an icon"-solution where the client computer contacts me so that I may interact with their desktop. The last part is important as the people in need of my help don't know how to configure their router or even the firewall software on their own computer. They are able to click an accept button when asked if a program should be able to make outgoing connections. They have many different kinds of routers, as well as software firewalls, and I rather not deal with the problem of how to connect to them using whatever as well as the actual problem they are having. It must be: Free of charge for non-commercial use. Possible to use it in a mode where the computer wanting to share its desktop should be able to make a connection to my computer. My computer has a DNS name we can use. Compatible with both Windows XP and Windows 7. Independent of a third party server or infrastructure. Explanations of the above: I don't want to spend money on it when I help them for free. If it's free as in freedom, all the better! I guess this boils down to being callable like showdesktopto.exe opscomputer.com where opscomputer.com is my computers DNS name. If that is possible then I can create a shortcut they can use to connect to me when they need help. It's nice if it's possible to specify a password or key file which I can use to authenticate myself, but it's not required. They use the OS which their machine comes installed with. That means Windows XP or 7. I want something which will work in the long run. Using a third party service which might not be available when I need it disqualified such solutions.

    Read the article

  • can't figure out why apache LDAP auth fails

    - by SethG
    Suddenly, yesterday, one of my apache servers became unable to connect to my LDAP (AD) server. I have two sites running on that server, both of which use LDAP to auth against my AD server when a user logs in to either site. It had been working fine two days ago. For reasons unknown, as of yesterday, it stopped working. The error log only says this: auth_ldap authenticate: user foo authentication failed; URI /FrontPage [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer: http://mysite.com/ I thought perhaps my self-signed SSL cert had expired, so I created a new one for mysite.com, but not for the server hostname itself, and the problem persisted. I enabled debug-level logging. It shows the full SSL transaction with the LDAP server, and it appears to complete without errors until the very end when I get the "Can't contact LDAP server" message. I can run ldapsearch from the commandline on this server, and I can login to it, which also uses LDAP, so I know that the server can connect to and query the LDAP/AD server. It is only apache that cannot connect. Googling for an answer has turned up nothing, so I'm asking here. Can anybody provide insight to this problem? Here's the LDAP section from the apache config: <Directory "/web/wiki/"> Order allow,deny Allow from all AuthType Basic AuthName "Login" AuthBasicProvider ldap AuthzLDAPAuthoritative off #AuthBasicAuthoritative off AuthLDAPUrl ldaps://domain.server.ip/dc=full,dc=context,dc=server,dc=name?sAMAccountName?sub AuthLDAPBindDN cn=ldapbinduser,cn=Users,dc=full,dc=context,dc=server,dc=name AuthLDAPBindPassword password require valid-user </Directory>

    Read the article

  • Authenticating Active Directory Users to Mac OS X Mavericks Server L2TP VPN Service

    - by dean
    We have a Windows Server 2012 Active Directory Infrastructure that consists of two domain controllers. Bound to the Active Directory Domain is a Mac OS X Mavericks Server 10.9.3. The server runs Profile Manager and VPN Services. My Active Directory users are able to authenticate to the Profile Manager, but not the VPN. I have found several threads on other forums of other users reporting similar issues, here is just one of many references: https://discussions.apple.com/thread/5174619 It appears as though the issue is related to a CHAP authentication failure. Can anyone suggest what next troubleshooting steps I might take? Is there a way to liberalize the authentication mechanism to include MSCHAP? Here is an excerpt of the transaction from the logs. Please note the domain has been changed to example.com. Jun 6 15:25:03 profile-manager.example.com vpnd[10317]: Incoming call... Address given to client = 192.168.55.217 Jun 6 15:25:03 profile-manager.example.com pppd[10677]: publish_entry SCDSet() failed: Success! Jun 6 15:25:03 --- last message repeated 2 times --- Jun 6 15:25:03 profile-manager.example.com pppd[10677]: pppd 2.4.2 (Apple version 727.90.1) started by root, uid 0 Jun 6 15:25:03 profile-manager.example.com pppd[10677]: L2TP incoming call in progress from '108.46.112.181'... Jun 6 15:25:03 profile-manager.example.com racoon[257]: pfkey DELETE received: ESP 192.168.55.12[4500]->108.46.112.181[4500] spi=25137226(0x17f904a) Jun 6 15:25:04 profile-manager.example.com pppd[10677]: L2TP connection established. Jun 6 15:25:04 profile-manager kernel[0]: ppp0: is now delegating en0 (type 0x6, family 2, sub-family 0) Jun 6 15:25:04 profile-manager.example.com pppd[10677]: Connect: ppp0 <--> socket[34:18] Jun 6 15:25:04 profile-manager.example.com pppd[10677]: CHAP peer authentication failed for alex Jun 6 15:25:04 profile-manager.example.com pppd[10677]: Connection terminated. Jun 6 15:25:04 profile-manager.example.com pppd[10677]: L2TP disconnecting... Jun 6 15:25:04 profile-manager.example.com pppd[10677]: L2TP disconnected Jun 6 15:25:04 profile-manager.example.com vpnd[10317]: --> Client with address = 192.168.55.217 has hung up

    Read the article

  • Apache mod_auth_kerb asking 2 authentication

    - by Rianto Wahyudi
    I've configured Apache to use mod_auth_kerberos. So far everything is working nicely for client thats connected to Active Directory and have their browser to ntlm enabled. When clients are not in the domain or the browser configurerd not to authenticate automatically, they are being prompted by 2 login prompt. The first login prompt is blank and the second one is the oen that we configured First Login prompt: http://www.screencast.com/t/ZGNlZTQwZm Second Login prompt : http://www.screencast.com/t/MDA2N2Fl From the log ( first authentication) : [Wed Jan 06 15:47:29 2010] [debug] src/mod_auth_kerb.c(1684): [client x.x.x.x] [pid 2562] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos In the first loging prompt , I can put any text for username and password. Once the first login form submited, it will ask for the 2nd login prompt. Apache have following config : <Directory /web/apache2/htdocs> AllowOverride All AuthType Kerberos AuthName "Staff Access ONLY Kerb-Auth" KrbAuthRealms EXAMPLE.COM Krb5Keytab /etc/httpd/conf.d/example.ktab Allow from localhost Require valid-user <Directory> What could be the cause of the first authentication and how can I get rid of them ?

    Read the article

  • Web SMTP Server(foo.com) will not send mail to exchange server which is also(foo.com)

    - by Atom
    I think I understand this problem fully, but I do not know how to approach it or where to go in terms of troubleshooting. I've got my one domain http://foo.com that runs a Zen Cart installation that needs to be able to send emails to users(order confirmation, password reset). This works fine to send to any other domain BUT foo.com. I'm running a locally hosted exchange server that is foo.com, and we can send and receive email just fine. If I run tail -f /usr/local/psa/var/log/maillog I recieve this error: Apr 1 10:08:51 foo qmail-local-handlers[25824]: Handlers Filter before-local for qmail started ... Apr 1 10:08:51 foo qmail-local-handlers[25824]: from= Apr 1 10:08:51 foo qmail-local-handlers[25824]: [email protected] Apr 1 10:08:51 foo qmail-local-handlers[25824]: cannot reinject message to '[email protected]' Apr 1 10:08:51 foo qmail: 1270141731.583139 delivery 32410: failure: This_address_no_longer_accepts_mail./ Apr 1 10:08:51 foo qmail: 1270141731.584098 status: local 0/10 remote 0/20 I understand that the foo.com SMTP service doesn't have any account but the one that is used to authenticate mail being sent, so of course, I understand why it's saying 'this address no longer accepts mail'. My question is, how can I get the foo.com(web) SMTP service to handle emails meant for my exchange server([email protected]) or how do I handle the mail that needs to be sent to our exchange server? Is this something to do with MX records? Thanks in advance A

    Read the article

  • trying to allow domain admins access in apache

    - by sharif
    I am trying to authenticate domain admins through apache and it is not working. Error i get is as follows [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(1432): [client 172.16.0.85] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(915): [client 172.16.0.85] Using HTTP/[email protected] as server principal for password verification [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(655): [client 172.16.0.85] Trying to get TGT for user [email protected] [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(569): [client 172.16.0.85] Trying to verify authenticity of KDC using principal HTTP/[email protected] [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(994): [client 172.16.0.85] kerb_authenticate_user_krb5pwd ret=0 [email protected] authtype=Basic [Mon Sep 24 14:54:45 2012] [debug] mod_authnz_ldap.c(561): [client 172.16.0.85] ldap authorize: Creating LDAP req structure [Mon Sep 24 14:54:45 2012] [debug] mod_authnz_ldap.c(573): [client 172.16.0.85] auth_ldap authorise: User DN not found, LDAP: ldap_simple_bind_s() failed Below is what I have in my httpd file Alias /compass "/data/intranet/html/compass" <Directory "/data/intranet/html/compass"> AuthType Kerberos AuthName KerberosLogin KrbServiceName HTTP/intranet.xxx.com KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms xxx.COM Krb5KeyTab /etc/httpd/conf/intranet.keytab # require valid-user # Options Indexes MultiViews FollowSymLinks # AllowOverride All # Order allow,deny # Allow from all # SetOutputFilter DEFLATE # taken from http://blogs.freebsdish.org/tmclaugh/2010/07/15/mod_auth_kerb-ad-and-ldap-authorization/ # download extra module and install # Strip the kerberos realm from the principle. # MapUsernameRule (.*)@(.*) "$1" AuthLDAPURL "ldap://echo.uk.xxx.com akhutan.usa.xxx.com/dc=xxx,dc=com?sAMAccountName" AuthLDAPBindDN cn=Administrator,ou=Users,dc=xxx,dc=com AuthLDAPBindPassword *** Require ldap-group cn=Domain Admins,ou=Users,dc=xxx,dc=com </Directory> I have followed this guide. I have download and install the tarball. when I try to uncomment MapUsernameRule i get failed error when restarting apache Reloading httpd: not reloading due to configuration syntax error I am using centos 5 64bit. I have added the following line but i still get syntax error LoadModule mod_map_user modules/mod_map_user.so

    Read the article

  • Samba and Windows 7

    - by John Gaughan
    I built a new computer with the intention of it being primarily a home file server. Here is my setup: one desktop with Windows 7 64 HP one laptop with Windows 7 64 HP one desktop with Kubuntu 11.10 (server) The two desktops use static IPs, and I have hostnames mapped in the HOSTS files on all three systems. I have the same username/password combo on all three systems. I have been trying for a while now to set up Samba so the Windows 7 systems can see and use it. Even if I can get the server to show up, Windows is unable to log in. One of the first things I did was to enable LMv2 authentication, which this version of Samba (3.5.11) supports. The workgroup is set correctly. I can normally see the server, but cannot authenticate. Windows homegroup is turned off. Pinging between machines works fine, and the two Windows 7 systems work together flawlessly. What I am trying to do is set up Samba to use peer to peer networking using NTLM security and user-mode authentication. According to the documentation this is possible, but there are no examples that I could find. In all the googling I have done, I see a lot of people asking how to set this up but it either works for someone else and not for me (no idea what I'm missing), or it doesn't work. Has anyone gotten this to work? Is there a place I could download a smb.conf that is set up to work in this environment?

    Read the article

  • Authenticating Linked Servers - SQL Server 8 to SQL Server 10

    - by jp2code
    We have an old SQL Server 2000 database that has to be kept because it is needed on our manufacturing machines. It also maintains our employee records, since they are needed on these machines for employee logins. We also have a newer SQL Server 10 database (I think this is 2008, but I'm not sure) that we are using for newer development. I have recently learned (i.e. today) that I can link the two servers. This would allow me to access the employee tables in the newer server. Following the SF post SQL Server to SQL Server Linked Server Setup, I tried adding the link. In our SQL Server 2000 machine, I got this error: Similarly, on our SQL Server 10 machine, I got this error: The messages, though worded different, probably say the same thing: I need to authenticate, somehow. We have an Active Directory, but it is on yet another server. What, exactly, should be done here? A guy HERE<< said to check the Security settings, but did not say what else to do. Both servers are set to SQL Server and Windows Authentication mode. Now what?

    Read the article

  • RemoteApp .rdp embed creds?

    - by Chris_K
    Windows 2008 R2 server running Remote Desktop Services (what we used to call Terminal Services back in the olden days). This server is the entry point into a hosted application -- you could call it Software as a Service I suppose. We have 3rd party clients connecting to use it. Using RemoteApp Manager to build RemoteApp .rdp shortcuts to distribute to client workstations. These workstations are not in the same domain as the RDS server. There is no trust relationship between domains (nor will there be). There is a tightly controlled site to site VPN between workstations and the RDS server, we're quite confident we have access to the server locked down. The remoteApp being run is an ERP application with its own authentication scheme. The issue? I'm trying to avoid the need to create AD logins for every end user when connecting to the RemoteApp server. In fact, since we're doing a remoteApp and they have to authenticate to that app, I'd rather just not prompt them at all for AD creds. I certainly don't want them caught up in managing AD passwords (and periodic expirations) for accounts they only use to get to their ERP login. However, I can't figure out how to embed AD creds in a RemoteApp .rdp file. I don't really want to turn off all authentication on the RDS server at that level. Any good options? My goal is to make this as seamless as possible for the end-users. Clarifying questions are welcome.

    Read the article

  • VPN with client-to-client direct connectivity?

    - by Johannes Ernst
    When setting up a VPN, clients (say client1 and client2) usually authenticate to a server, and together the three constitute the VPN. When client1 wishes to send a packet to client2, this packet usually gets routed by way of server. Are there products / configuration blueprints for products where it is possible to send packets directly from client1 to client2 without going though server? (if the underlying network topology permits it, e.g. no firewalls in the way) If not, is there a way by which client1 can send a packet to client2 by way of server, without the server being able to snoop on the content of the packet? (E.g. because the packet is encrypted with the public key of client2) I just asked in the OpenVPN forum, and the answer I got was "not with OpenVPN". So my question is: are there other products with which this is possible? Open-source preferred ... One use case: client1 and client2, typically in separate offices, find themselves both at headquarters. Do they still need to talk to each other via the public internet? Links appreciated. Thank you.

    Read the article

  • Why can a local root turn into any LDAP user?

    - by Daniel Gollás
    I know this has been asked here before, but I am not satisfied with the answers and don't know if it's ok to revive and hijack an older question. We have workstations that authenticate users on an LDAP server. However, the local root user can su into any LDAP user without needing a password. From my perspective this sounds like a huge security problem that I would hope could be avoided at the server level. I can imagine the following scenario where a user can impersonate another and don't know how to prevent it: UserA has limited permissions, but can log into a company workstation using their LDAP password. They can cat /etc/ldap.conf and figure out the LDAP server's address and can ifconfig to check out their own IP address. (This is just an example of how to get the LDAP address, I don't think that is usually a secret and obscurity is not hard to overcome) UserA takes out their own personal laptop, configures authentication and network interfaces to match the company workstation and plugs in the network cable from the workstation to their laptop, boots and logs in as local root (it's his laptop, so he has local root) As root, they su into any other user on LDAP that may or may not have more permissions (without needing a password!), but at the very least, they can impersonate that user without any problem. The other answers on here say that this is normal UNIX behavior, but it sounds really insecure. Can the impersonated user act as that user on an NFS mount for example? (the laptop even has the same IP address). I know they won't be able to act as root on a remote machine, but they can still be any other user they want! There must be a way to prevent this on the LDAP server level right? Or maybe at the NFS server level? Is there some part of the process that I'm missing that actually prevents this? Thanks!!

    Read the article

  • Problems with LDAP auth in Apache, works only for one group

    - by tore-
    Hi, I'm currently publishing some subversions repos within Apache: <Location /dev/> DAV svn SVNPath /opt/svn/repos/dev/ AuthType Basic AuthName "Subversion repo authentication" AuthBasicProvider ldap AuthzLDAPAuthoritative On AuthLDAPBindDN "CN=readonlyaccount,OU=Objects,DC=invalid,DC=now" AuthLDAPBindPassword readonlyaccountspassword AuthLDAPURL "ldap://invalid.domain:389/OU=Objects,DC=invalid,DC=domain?sAMAccountName?sub?(objectClass=*)" Require ldap-group cn=dev,ou=SVN,DC=invalid,DC=domain </Location> This setup works great, but now we want to give an LDAP group read only access to our repo, then my apache config looks like this: <Location /dev/> DAV svn SVNPath /opt/svn/repos/dev/ AuthType Basic AuthName "Subversion repo authentication" AuthBasicProvider ldap AuthzLDAPAuthoritative On AuthLDAPBindDN "CN=readonlyaccount,OU=Objects,DC=invalid,DC=now" AuthLDAPBindPassword readonlyaccountspassword AuthLDAPURL "ldap://invalid.domain:389/OU=Objects,DC=invalid,DC=domain?sAMAccountName?sub?(objectClass=*)" <Limit OPTIONS PROPFIND GET REPORT> Require ldap-group cn=dev-ro,ou=SVN,dc=invalid,dc=domain </Limit> <LimitExcept OPTIONS PROPFIND GET REPORT> Require ldap-group cn=dev-rw,ou=SVN,dc=invalid,dc=domain </LimitExcept> </Location> All of my user accounts is under: OU=Objects,DC=invalid,DC=domain All groups related to subversion is under: ou=SVN,dc=invalid,dc=domain The problem after modification, only users in the dev-ro LDAP group is able to authenticate. I know that authentication with LDAP works, since my apache logs show my usernames: 10.1.1.126 - tore [...] "GET /dev/ HTTP/1.1" 200 339 "-" "Mozilla/5.0 (...)" 10.1.1.126 - - [...] "GET /dev/ HTTP/1.1" 401 501 "-" "Mozilla/4.0 (...)" 10.1.1.126 - readonly [...] "GET /dev/ HTTP/1.1" 401 501 "-" "Mozilla/4.0 (...) line = user in group dev-rw, 2. line is unauthenticated user, 3. line is unauthenticated user, authenticated as a user in group dev-ro So I think I've messed up my apache config. Advise?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >