Search Results

Search found 1328 results on 54 pages for 'dbms ldap'.

Page 41/54 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • Using Apache / Kerberos / Keytab to Authenticate Redmine Users Against Active Directory

    - by David Kaczynski
    Please bare with me, as I am still fresh to these technologies. We have a Debian (squeeze) server to which I have root access. It is running Apache, and Redmine is deployed to the server (currently using a local MySQL database for authentication). Apache is configured to use Kerberos and a keytab file to authenticate users against Active Directory. With the current configuration, as soon as a user attempts to access anything over https, the user is prompted for a username / password, which is successfully authenticated against Active Directory. I understand (somewhat) that Redmine has its own LDAP configuration that can be used to authenticate users against an existing Active Directory, but this would require the user to enter their credentials one time for Apache and then a second time for Redmine. I am wondering, Can I somehow configure Redmine to share the Apache authentication method as opposed to requiring the user to enter their credentials a second time? (Using Apache to authenticate against Active Directory is a requirement for a separate application on the server)

    Read the article

  • Coding exercise for Linux Systems Admin?

    - by Prashanth Sundaram
    Hello All, I am preparing for a Systems Admin(linux) role for a big company(top 10 companies) and one of the requisite is knowledge of a language like perl, python or Ruby. I have a phone interview which involves sharing a editor with the interviewer, now what kind of coding exercise can I expect on a phone interview or a regular interview? I have used shell for most of my day-to-day tasks and occasionally Perl and python for bigger tasks. Now I don't expect them to ask Write a script that sync's AD users to LDAP? I don't think data structures, algorithms or sorting questions apply to me role? Can you give me any examples of SysAdmin related coding questions?

    Read the article

  • consequences of changing uid/gid on snow leopard

    - by Peter Carrero
    ok, so I introduced a Mac laptop to my home network of Kubuntu hosts and Fedora servers. Currently I don't have NIS or LDAP setup (I got only 2 users) and I just manually setup the UID/GID on the hosts. I would like to run the following command on my Macbook: dscl . -change /Users/me UniqueID 501 1000 dscl . -change /Users/me PrimaryGroupID 20 503 chown -R 1000:503 /Users/me dscl . append /Groups/staff GroupMembership me Before I go on to hose my new Mac, I would like to know if this is the right thing to do and, if so, what are the adverse consequences I may have. Thanks.

    Read the article

  • BlueCoat reverse proxy NTLM authentication

    - by mathieu
    Currently when we want to access an internal site from Internet (IIS with NTLM auth), we have two login screens that appear : step1 : LDAPAuth, from the BlueCoat that check login/password validity against Active Directory step2 : NTLM auth, from our application. Is it possible to configure the reverse proxy to use the LDAP credentials provided at step1, and give them to whatever application that requests them ? Of course, if those credentials aren't valid, nothing happens. We're using BlueCoat SG400. Update : we're not looking for SSO where the user doesn't have to enter a password. We want the user to enter his domain credentials in the LDAPAuth dialog box, and the proxy to reuse it to authenticate against our application. Or any application that uses NTLM. We've only got 1 AD domain behind the reverse proxy.

    Read the article

  • use of [!NOTFOUND=return] in nsswitch.conf

    - by Chris Phillips
    Has anyone come across the use of this config for passwd and groups config in nsswitch.conf? Where I'm working I've been told it's been shown to help situations where a group exists both locally and in ldap which was causing issues for group memberships etc. However this config seems to totally mess up nscd which will be aware of the groups and all their members but will not flip the data around to say the user is a member of all it's remote groups. Initially it seems, given a fully available environment, to be exactly the same as [FOUND=return] which is an implict default between stages anyway. However apparently a lengthy ticket with Redhat resulted in the recommended use of that configuration.

    Read the article

  • Vista Enterprise doesn't find logon servers in a network with 802.1x authentication

    - by jneves
    In a network with 802.1x configuration and a samba server configured in the domain, I have a radius server that delegates the authentication against the samba domain for users (using LDAP). The radius defines which VLAN the user is supposed to have access. I'm trying to put a Windows Vista Enterprise in the same network, but it attempts to logon the domain before authenticating against the network in 802.1x and it doesn't find any logon servers. In the radius logs I see the machine trying to authenticate with 'host/'. Does Vista enterprise require that I put it in a network with access to the logon server at that point? Thanks in advance, João Miguel Neves

    Read the article

  • squid3 auth thru samba using ntlm to AD doesn't work

    - by derty
    some users here are spending to much time exploring the WWW. So big boss whats to get this under control. We use a squid3 just for some security reason and chace benefits. and now i'm trying to set up a new proxy on a different server (Debian 6) Permissions are defined in AC and the squid3 should get the auth thru samba/winbind by using the ntlm protocol. but i'll get all the time Access, denited. it only works by using LDAP but thats not the way i need it. here some log and confs squid access.log 1326878095.784 1 192.168.15.27 TCP_DENIED/407 4049 GET http://at.msn.com/? -NONE/- text/html 1326878095.791 1 192.168.15.27 TCP_DENIED/407 4294 GET http://at.msn.com/? - NONE/- text/html 1326878095.803 9 192.168.15.27 TCP_DENIED/403 4028 GET http://at.msn.com/? kavan NONE/- text/html 1326878095.848 0 192.168.15.27 TCP_DENIED/403 3881 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878100.279 0 192.168.15.27 TCP_DENIED/403 3735 GET http://www.google.at/ kavan NONE/- text/html 1326878100.296 0 192.168.15.27 TCP_DENIED/403 3870 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878155.700 0 192.168.15.27 TCP_DENIED/407 4072 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.705 2 192.168.15.27 TCP_DENIED/407 4317 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.709 3 192.168.15.27 TCP_DENIED/403 4026 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml kavan NONE/- text/html squid chace 2012/01/18 10:12:49| Creating Swap Directories 2012/01/18 10:12:49| Starting Squid Cache version 3.1.6 for x86_64-pc-linux-gnu... 2012/01/18 10:12:49| Process ID 17236 2012/01/18 10:12:49| With 65535 file descriptors available 2012/01/18 10:12:49| Initializing IP Cache... 2012/01/18 10:12:49| DNS Socket created at [::], FD 7 2012/01/18 10:12:49| DNS Socket created at 0.0.0.0, FD 8 2012/01/18 10:12:49| Adding nameserver 192.168.15.2 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.19 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.1 from /etc/resolv.conf 2012/01/18 10:12:49| Adding domain schoenbrunn.local from /etc/resolv.conf 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'ntlm_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_group' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| Unlinkd pipe opened on FD 73 2012/01/18 10:12:49| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2012/01/18 10:12:49| Store logging disabled 2012/01/18 10:12:49| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2012/01/18 10:12:49| Target number of buckets: 1008 2012/01/18 10:12:49| Using 8192 Store buckets 2012/01/18 10:12:49| Max Mem size: 262144 KB 2012/01/18 10:12:49| Max Swap size: 0 KB 2012/01/18 10:12:49| Using Least Load store dir selection 2012/01/18 10:12:49| Set Current Directory to /var/spool/squid3 2012/01/18 10:12:49| Loaded Icons. 2012/01/18 10:12:49| Accepting HTTP connections at [::]:3128, FD 74. 2012/01/18 10:12:49| HTCP Disabled. 2012/01/18 10:12:49| Squid modules loaded: 0 2012/01/18 10:12:49| Adaptation support is off. 2012/01/18 10:12:49| Ready to serve requests. 2012/01/18 10:12:50| storeLateRelease: released 0 objects smb.conf # Domain Authntication Settings workgroup = <WORKGROUP> security = ads password server = <DOMAINNAME>.LOCAL realm = <DOMAINNAME>.LOCAL ldap ssl = no # logging log level = 5 max log size = 50 # logs split per machine log file = /var/log/samba/%m.log # max 50KB per log file, then rotate ; max log size = 50 # User settings username map = /etc/samba/smbusers idmap uid = 10000-20000000 idmap gid = 10000-20000000 idmap backend = ad ; template primary group = <ad group> template shell = /sbin/nologin # Winbind Settings winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind netsted groups = Yes winbind nested groups = Yes winbind cache time = 10 winbind use default domain = Yes #Other Globals unix charset = LOCALE server string = <SERVERNAME> load printers = no printing = cups cups options = raw ; printcap name = /etc/printcap #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups squid.conf auth_param ntlm program /usr/bin/ntlm_auth --require-membership-of=<DOMAINNAME>\\INTERNETZ --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=<dcname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f sAMAccountName=%s -h 192.168.15.19:3268 auth_param basic realm "Proxy Authentifizierung. Bitte geben Sie Ihren Benutzername und Ihr Passwort ein!" #means insert you PW in an other language - # external_acl_type InetGroup %LOGIN /usr/lib/squid3/squid_ldap_group -R -b "dc=<domainname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f "(&(objectclass=person)(sAMAccountName=%v) (memberof=cn=%a,cn=internetz,dc=<domainname>,dc=local))" -h 192.168.15.19:3268 auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d auth_param negotiate children 10 auth_param negotiate keep_alive on acl localnet proxy_auth REQUIRED acl InetAccess external InetGroup Internetz http_access allow InetAccess http_access deny all acl auth proxy_auth REQUIRED http_access allow auth and a very suspicious is that by adding the proxy server to the Domain i see 2 new entries in the PC one with the original computer-name leopoldine and one with leopoldine CNF:f8efa4c4-ff0e-4217-939d-f1523b43464d ?!? I tried a lot, really... but i stuck on this problem... i actually i even reinstalled all dependent programs and reconfigured them from default. Group exists and has me in it. Firefox running on the old proxy and i use IE for testing the new one. But i'll get all the time Access-Denited and to be honest i'm quite a beginner, so please don't be to prude. I'll interested in improving, i'll get the information we need to fix this but i started working 2 month ago and got only 1 1/2 year's training and not a single sec. in linux ;)

    Read the article

  • Which kerberos flavor?

    - by Michael Lowman
    So I'm setting up a small network with all the standard stuff (files, email, etc.) and I've decided to go with a Kerberos+LDAP solution. Any ideas or recommendations on Heimdal vs. MIT? I've used MIT before, and tangentially Heimdal, but I don't really know of any real reason for using one over the other. I just know that I'd prefer not to realize I'd rather be running MIT after getting the whole Heimdal up and running with a full user database. If any other info'd be useful, I'm happy to provide.

    Read the article

  • Specify Credentials to run Powershell Script to Query AD

    - by Ben
    I want to run a powershell script to query AD from a machine that is NOT on the domain. Basically I want to query to see if there is computer account already on the domain for this machine and create it if there is not. Because this has to happen before the machine joins the domain I assume I will need to specify some credentials to enable it to run. (I'm pretty new to Powershell, so apologies if this is a newbie question!) The script I am using to check the account is below, and then once this has run it will join the domain using the computername specified. Can you tell me how to specify some domain credentials to run this section of the script as? Cheers, Ben $found=$false $thisComputer = <SERVICE TAG FROM BIOS> $ou = [ADSI]"LDAP://OU=My Computer OU,DC=myDomain,DC=com" foreach ($child in $ou.psbase.Children ) { if ($child.ObjectCategory -like '*computer*') { If ($child.Name -eq $thisComputer) { $found=$true } } } If ($found) { <DELETE THE EXISTING ACCOUNT> }

    Read the article

  • Product Recommendation: Good job scheduler for windows servers?

    - by Bret Fisher
    Looking for a mostly-GUI tool that is low cost (less then $1k, but not required) and allows you to create scheduled tasks and jobs without writing vbscript, batch files, or powershell. Something simple that speaks SMB/CIFS, SMTP, LDAP, etc. for such things as "delete some files based on a list of folders from this text file" or "disable all users with expired accounts" or "delete all disabled users not in this AD group". I've seen some of the big multi-OS enterprise task automation systems and they just look way overkill. We're a windows-only shop, Server 2003 or newer and there's got to be a simple non-agent based product that is drag-n-drop for some of this basic automation. Today we use all three languages mentioned above, and the scripts are not as reliable as a workflow-based-tool would be. Thanks.

    Read the article

  • php5.4 + freebsd8.3+nginx can't get errors

    - by Alexey Perepechko
    I have a confusing behaviour. I can't get any error into log file or screen. I made a file index.php with content like this: "<?php a();".Normally, I will get message like this: "Call to undefined function a()" but when I called this script on my configuration I got nothing. Only white screen and empty logs. I checked all rights. I turned on all possible log file. Nothing. Please help me. My configuration is: freebsd 8.3-RELEASE PHP 5.4.7 (fpm-fcgi) nginx version: nginx/1.2.4 FPM-config [global] pid = run/php-fpm.pid error_log = log/php-fpm.log log_level = notice emergency_restart_threshold = 5 emergency_restart_interval = 2 process_control_timeout = 2 daemonize = yes events.mechanism = kqueue [puser] listen = /usr/local/www/host/tmp/php-fpm.sock; listen.backlog = -1 listen.allowed_clients = 127.0.0.1 listen.owner = puser listen.group = puser listen.mode = 0666 user = puser group = puser pm = dynamic pm.max_children = 30 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 5 pm.max_requests = 50 slowlog = /usr/local/www/host/logs/fpm.log.slow request_slowlog_timeout = 1s rlimit_files = 1024 rlimit_core = 0 chroot = /usr/local/www/host/ catch_workers_output = yes env[HOSTNAME] = $HOSTNAME env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp php_admin_value[upload_tmp_dir] = /tmp php_admin_value[cgi.fix_pathinfo] = 0 php_admin_value[date.timezone]= 'Europe/Moscow' php_admin_value[memory_limit] = 320m php_admin_value[max_execution_time] = 180 php_admin_flag[log_errors] = on php_admin_value[error_log] = /logs/fpm-err.log php_admin_value[error_reporting] = 'E_ALL & ~E_NOTICE' php_admin_value[display_errors] = on php_admin_flag[display_startup_errors] = on NGINX config user www; worker_processes 2; worker_rlimit_nofile 80000; error_log /var/log/nginx_error.log notice; #pid logs/nginx.pid; events { worker_connections 2048; use kqueue; } http { server_tokens off; client_max_body_size 4m; include mime.types; default_type application/octet-stream; charset utf-8; sendfile on; keepalive_timeout 65; tcp_nopush on; tcp_nodelay on; log_format IP .$remote_addr.; log_format main '$remote_addr - $remote_user [$time_local] $request $request_body ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; reset_timedout_connection on; server { listen 80; server_name www.example.com; access_log /usr/local/www/host/logs/access.log main; error_log /usr/local/www/host/logs/error.log error; error_page 500 502 503 504 /errors/50x.html; error_page 404 /errors/404.html; root /usr/local/www/host/htdocs; index index.php index.html index.htm; location / { index index.html index.php; try_files $uri /index.php?$args; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_intercept_errors on; fastcgi_pass unix:/usr/local/www/host/tmp/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /htdocs$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED /htdocs$fastcgi_script_name; include /usr/local/etc/nginx/fastcgi_params; } } } PHP config (php.ini) [PHP] engine = On short_open_tag = On asp_tags = Off precision = 14 y2k_compliance = On output_buffering = 4096 zlib.output_compression = Off implicit_flush = Off unserialize_callback_func = serialize_precision = 100 allow_call_time_pass_reference = Off safe_mode = Off safe_mode_gid = Off safe_mode_include_dir = safe_mode_exec_dir = safe_mode_allowed_env_vars = PHP_ safe_mode_protected_env_vars = LD_LIBRARY_PATH disable_functions = dl,system,exec,passthru,shell_exec disable_classes = expose_php = On max_execution_time = 30 max_input_time = 60 memory_limit = 128M error_reporting = E_ALL display_errors = On display_startup_errors = On log_errors = On log_errors_max_len = 1024 ignore_repeated_errors = Off ignore_repeated_source = Off report_memleaks = On track_errors = On error_log = /var/log/php-fpm-error.log variables_order = "GPCS" request_order = "GP" register_globals = Off register_long_arrays = Off register_argc_argv = Off auto_globals_jit = On post_max_size = 8M magic_quotes_gpc = Off magic_quotes_runtime = Off magic_quotes_sybase = Off auto_prepend_file = auto_append_file = default_mimetype = "text/html" doc_root = user_dir = enable_dl = Off file_uploads = On upload_max_filesize = 2M max_file_uploads = 20 allow_url_fopen = On allow_url_include = Off default_socket_timeout = 60 [Date] date.timezone = Europe/Moscow [filter] [iconv] [intl] [sqlite] [sqlite3] [Pcre] [Pdo] [Pdo_mysql] [Phar] [Syslog] define_syslog_variables = Off [mail function] SMTP = localhost smtp_port = 25 mail.add_x_header = On [SQL] sql.safe_mode = Off [ODBC] odbc.allow_persistent = On odbc.check_persistent = On odbc.max_persistent = -1 odbc.max_links = -1 odbc.defaultlrl = 4096 odbc.defaultbinmode = 1 [Interbase] [MySQL] mysql.allow_local_infile = On mysql.allow_persistent = On mysql.cache_size = 2000 mysql.max_persistent = -1 mysql.max_links = -1 mysql.default_port = mysql.default_socket = mysql.default_host = mysql.default_user = mysql.default_password = mysql.connect_timeout = 60 mysql.trace_mode = Off [MySQLi] mysqli.max_persistent = -1 mysqli.allow_persistent = On mysqli.max_links = -1 mysqli.cache_size = 2000 mysqli.default_port = 3306 mysqli.default_socket = mysqli.default_host = mysqli.default_user = mysqli.default_pw = mysqli.reconnect = Off [mysqlnd] mysqlnd.collect_statistics = On mysqlnd.collect_memory_statistics = Off [OCI8] [PostgresSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0 [Sybase-CT] sybct.allow_persistent = On sybct.max_persistent = -1 sybct.max_links = -1 sybct.min_server_severity = 10 sybct.min_client_severity = 10 [bcmath] bcmath.scale = 0 [browscap] [Session] session.save_handler = files session.use_cookies = 1 session.use_only_cookies = 1 session.name = PHPSESSID session.auto_start = 0 session.cookie_lifetime = 0 session.cookie_path = / session.cookie_domain = session.cookie_httponly = session.serialize_handler = php session.gc_probability = 1 session.gc_divisor = 1000 session.gc_maxlifetime = 1440 session.bug_compat_42 = Off session.bug_compat_warn = Off session.referer_check = session.entropy_length = 0 session.cache_limiter = nocache session.cache_expire = 180 session.use_trans_sid = 0 session.hash_function = 0 session.hash_bits_per_character = 5 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" [MSSQL] mssql.allow_persistent = On mssql.max_persistent = -1 mssql.max_links = -1 mssql.min_error_severity = 10 mssql.min_message_severity = 10 mssql.compatability_mode = Off mssql.secure_connection = Off [Assertion] [COM] [mbstring] [gd] [exif] [Tidy] tidy.clean_output = Off [soap] soap.wsdl_cache_enabled=1 soap.wsdl_cache_dir="/tmp" soap.wsdl_cache_ttl=86400 soap.wsdl_cache_limit = 5 [sysvshm] [ldap] ldap.max_links = -1 [mcrypt] [dba] I need to get errors on display and detailed record in the error.log.

    Read the article

  • Can't send emails through sendmail, error occured

    - by skomak
    Hi, I have sendmail MTA and i use pear:Mail class to send mails through remote sendmail server. Everything was fine till yesterday. Probably nothing changes was made in configs. At maillog i can see: May 6 12:58:55 xxx sendmail[25903]: STARTTLS=server, relay=hostxxxx.static.xx.xx.pl [85.x.x.x], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256 May 6 12:58:56 xxx sendmail[25903]: o46AwtqE025903: hostxxxx.static.xx.xx.pl [85.x.x.x] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA2 and in /var/log/messages: May 6 13:00:17 lilia sendmail[27193]: realm changed: authentication aborted I use ldap to authenticate users but i used the same script to check mailing on another server and it works there good, only this server behave weird. Packets are deliverd to sendmail server i can see it in tcpdump, but there is smaller packets than on other server which sends emails. Could you tell me how can i check what is wrong with that? D.S.

    Read the article

  • OSX Server 3, Mac clients binding to OD and Profile Manager failing

    - by dbf
    I've made a setup containing a Mac Mini with OSX Server 3 (Mavericks 10.9.2) using Open Directory and Profile Manager (Mail, etc all set up and working). Now the thing is, internally on the local network, everything works great. Clients can bind to the OD and the users are able to login. I can install trust and settings profiles (either custom or group profiles) and all services in the profiles mentioned are being configured correctly. I can log in and out, hump around and do it a 100 times on different macs with different users, it works. My goal is to make this service publicly. The domain is with a FQDN which I own, for simplicity let's say server.domain.com. Now the only way for me to bind the clients to the OD is using LDAP mapping RCF2307 (without SSL) and a DN suffix of dc=server,dc=domain,dc=com using the Directory Utility. The options from server, or open directory will throw several errors like Connection failed to node '/LDAPv3/server.domain.com (2100). First of all I don't really understand the problem why clients can't bind to the OD like it does locally, with and without SSL (all ports are open, literally all ports are open, not just 389,636 and 1640, wasn't sure if I was missing any). When the clients are using LDAP mapping RFC2307 to bind (without SSL only), clients are able to authenticate, login and even load the Trust profile. But every Settings profile will fail with a Debug Message: Unable to find GUID in user record OD or fail to install saying missing user identification. Is there any way to get this to work without RFC2307? Because there is quite some stuff missing when using RFC2307 and not pull the mapping from the server or use open directory. Is this setup even possible? Or should I use VPN to authenticate with the OD? The network setup is a Modem/Router (DHCP off) with WAN NATted to an Airport Extreme (Using DHCP+NAT). The AE does notify with a double NAT message but I haven't had any problems with it on any other service. So WAN - 192.168.2.220 (static), AE - 10.0.1.* (dhcp) Output of DIG from the outside using dig server.domain.com ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;server.domain.com. IN A ;; ANSWER SECTION: server.domain.com. 77 IN A 91.50.*.* (valid WAN IP) ;; SERVER 172.*.*.1#53(172.*.*.1) (iPhone) DIG locally from a client and server (same output) ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;server.domain.com. IN A ;; ANSWER SECTION: server.domain.com. 10800 IN A 10.0.1.11 ;; AUTHORITY SECTION: server.domain.com. 10800 IN NS domain.com. (used for email send in relay) server.domain.com. 10800 IN NS server.domain.com. ;; SERVER 10.0.1.11#53(10.0.1.11) Are there any things I should check? Only have OSX. -- double NAT issue, plugged in the server directly on the Modem/Router with a static IP and issue remains. Guess that rules out the double NAT thing. -- changeip -checkhostname comes with There is nothing to change, e.g. success. Primary address = 10.0.1.11 Current HostName = server.domain.com DNS HostName = server.domain.com For now, I've made a workaround by using an admin account that forces a permanent VPN connection on boot. That means before it comes to the login, a connection is already made or underway. I will continue this post when I have more time, also locating all the necessary .log files of each application involved. I have some suspicions but have to debug a bit more when I have more time on my hands .. Unless, of course, I get sidetracked with having a life. Which is arguably not very likely. krypted.com

    Read the article

  • Password expiration notice for Active Directory

    - by keithosu
    Are there any tools/apps/scripts out there that will do password expiry notification for Windows 2008 Active Directory credentials? This is needed for our web apps that use Active Directory for LDAP authentication. The problem is those apps do not notify you that your password is going to expire when you login. We have many offsite users who do not have machines bound to the AD. So there is no way to let them know to reset their password. I'd like the user to be notified 30,7 and 1 day before it expires. I'd also like our help desk to get an email for the expiring passwords for the week and recently expired passwords. I've looked at oldcmp.exe from link text and that gets me my reports but it does not do the automation that I'm looking for on the individual users.

    Read the article

  • Samba4 advice for production use

    - by pgb
    I have an old Samba 3 + LDAP server installed that needs to be rebuilt. I'm weighting my options, and Windows Server seems too expensive at the moment, and Samba 4 appeared to be a nice option, coupled with the last Bind 9 that can dynamically add the computers to the DNS. I have about 30 workstations, so I still consider it a small network. My questions are: Is Samba 4 stable enough for production? It seems as if the Samba team is too cautious on when to call their version final, or even beta, as compared with other open source projects. What Linux distribution would you recommend to set it up? I usually use Ubuntu Server, but may use another one if installing / maintaining Samba 4 is better on that one.

    Read the article

  • Mystery "users" email group

    - by dangowans
    This morning, our entire company received a spam message sent to [email protected], where "ourdomain.on.ca" is our actual domain. There is a distinguished name that this could correspond to: CN=Users,DC=ourdomain,DC=on,DC=ca Looking at the attributes though, there is no mail, no proxyAddresses, no signs that there is a mailbox configured there. I did some LDAP queries, searching for: (proxyAddresses=smtp:[email protected]) ([email protected]) But am not seeing any records. (I also search for known email addresses to ensure the tree was being searched properly.) We are running Exchange 2003. Is there another place to look for group email addresses? Is it possible that the distinguished name is being automatically translated to an email address?

    Read the article

  • Can you recommend a robust OpenAPI 2.0 provider?

    - by larsks
    Help me find a robust OpenID 2.0 provider! We're looking at various SSO solutions for our organization, and I would like to suggest OpenID as a viable option, since (a) there is good consumer support in a number of web applications, and (b) it's simpler to implement than Shibboleth, which is the alternative technology. However, this requires that we find a robust OpenID provider, ideally one meeting the 2.0 specification. The only solutions I've come across so far are: Atlassian Crowd This looks great, although the $4000 price tag may make it a tough sell. Community-ID This looks like an interesting idea, but I'm not sure the project quality is at a suitable level (yet). In particular, it's not clear if LDAP support actually works (which will be a requirement in our environment). Have you implemented OpenID in your environment? What are you using? Have you selected an alternative SSO technology?

    Read the article

  • Can I force NFS automounts to use NFSv3?

    - by Steve
    I have a linux server that is exporting NFSv4 as well as NFSv3. I have a Fedora14 client that is defaulting to NFSv4 when automounting NFS shares off of the linux server, and it seems to be causing some problems. All my other linux clients on the network are mounting via NFSv3 without issue, so is there a way I can tell automount to mount the share via v3? I am pulling my automount maps via LDAP, with an entry in my /etc/auto.master file like so: +auto_master, so I assume it's a bit different than listing options with a regular automount map? (.i.e. /home --nfsvers=3 fileserver:/DATA)

    Read the article

  • Double VPN Network Authentication

    - by Pyromanci
    I have a project I'm working on and looking for some info. Right now I have a VPN network using Cisco Pix 501's for the vpn clients and a Cisco VPN Concentrator 3000 for the VPN Server. Since the Pix is constantly connected to the vpn, I want to add a extra level of authentication. Meaning when the user on the other end goes to access anything on the VPN they are asked for a username password before the connection is established. I've never done this sort of structure before. So I'm not even sure where to really being or even if my current hardware can do something like this, or if i need to through in some sort of radius/LDAP/Active Directory type server into the mix.

    Read the article

  • Simple one-way synchronisation of user password list between servers

    - by Renaud Bompuis
    Using a RedHat-derivative distro (CentOS), I'd like to keep the list of regular users (UID over 500), and group (and shadow files) pushed to a backup server. The sync is only one-way, from the main server to the backup server. I don't really want to have to deal with LDAP or NIS. All I need is a simple script that can be run nightly to keep the backup server updated. The main server can SSH into the backup system. Any suggestion? Edit: Thanks for the suggestions so far but I think I didn't make myself clear enough. I'm only looking at synchronising normal users whose UID is on or above 500. System/service users (with UID below 500) may be different on both system. So you can't just sync the whole files I'm afraid.

    Read the article

  • Choosing a Wiki for an academic institute

    - by abhishekgupta92
    I need to choose a Wiki. Please someone help. Following are my requirements: 1) Need good control to the access variables 2) LDAP integration support 3) User Group Support 4) Good Themes and Templates Mediawiki has the problem that it does not support Users Groups that intutively. Twiki and Foswiki have a problem that any authenticated user that has write permissions for a topic also have the write to change the particualar permissions for the topic. Else, can someone suggest me where to look for the answer. I know about the WikiMatrix

    Read the article

  • Choosing a Wiki for an academic institute

    - by abhishekgupta92
    I need to choose a Wiki. Please someone help. Following are my requirements: 1) Need good control to the access variables 2) LDAP integration support 3) User Group Support 4) Good Themes and Templates Mediawiki has the problem that it does not support Users Groups that intutively. Twiki and Foswiki have a problem that any authenticated user that has write permissions for a topic also have the write to change the particualar permissions for the topic. Else, can someone suggest me where to look for the answer. I know about the WikiMatrix

    Read the article

  • How do I install php-gd?

    - by user42577
    I've done phpinfo() to see if it was installed but I see no mention of the gd libraries anywhere. I ran this command (rpm -qa | grep php) and this is what I see: php-gd-4.3.9-3.18.1.swsoft php-mysql-4.3.9-3.18.1.swsoft php-pgsql-4.3.9-3.18.1.swsoft php-4.3.9-3.18.1.swsoft php-domxml-4.3.9-3.18.1.swsoft php-imap-4.3.9-3.18.1.swsoft php-mbstring-4.3.9-3.18.1.swsoft php-ncurses-4.3.9-3.18.1.swsoft php-pear-4.3.9-3.18.1.swsoft php-snmp-4.3.9-3.18.1.swsoft php-devel-4.3.9-3.18.1.swsoft php-ldap-4.3.9-3.18.1.swsoft php-odbc-4.3.9-3.18.1.swsoft php-xmlrpc-4.3.9-3.18.1.swsoft My server is a linux box with php5 installed. I also tried to run yum install php5-gd to no avail.What else should I do or check to get it installed?

    Read the article

  • OpenLDAP server logs filled with "TLS negotiation failure"

    - by WildVelociraptor
    I recently migrated an old OpenLDAP setup to a newer server, with a more robust certificate setup. Currently, most hosts are required to verify the cert matches the host: tls_checkpeer yes TLS_REQCERT always In the server logs, there are multiple occurences of: Nov 6 10:45:08 <servername> slapd[1773]: conn=2785646 fd=35 closed (TLS negotiation failure) These errors appear from multiple hosts, but there don't seem to be any issues actually logging into those servers with an LDAP account. Does anyone know what would cause these errors? The server is running Ubuntu 12.04.2, and OpenLDAP version 2.4.28. The cert was generated using GnuTLS.

    Read the article

  • Configuring Ubuntu 10.04's Greeter Screen

    - by Skizz
    I have an Ubuntu server (9.04 at the moment) and an Ubuntu desktop which I recently upgraded to 10.04. Once I'd set up the users and groups on the desktop to match the server (I'm new to this, I think LDAP would do this for me, but that's another question), the friendly greeter screen no longer displays the same set of users1. In 9.04 (the previous version running on the desktop PC) there were four users shown. These had UIDs of 500 to 510. Changing the UIDs is one solution, but that would mean changing the UIDs on all my linux PCs, and that is a might PITA (unless there's a tool to make it less painful). How can I get the greeter in 10.04 to show users with UIDs in the 500s without resorting to changing the UIDs? I use the greeter screen with user pictures as the PC is mainly for use by my young children and clicking the picture is a bit easier (they still need to type a password though).

    Read the article

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >