Search Results

Search found 28603 results on 1145 pages for 'active users'.

Page 54/1145 | < Previous Page | 50 51 52 53 54 55 56 57 58 59 60 61  | Next Page >

• How to install Active Directory Users and Computers for Windows 2008

  - by Mark Arnott

  I want to install the administration tools on a Windows Server 2008 (R1) machine. On Windows 2003 you installed adminpak.msi, but I can't find such a file for 2008. Is this a "feature" in Server Manager? If so what is it named? ---UPDATE--- So I drilled into the server Features list and I have "Remote Server Administration Tools" but it only includes File Services, Print Services and Web Server. This is a member server in a domain but not a domain controller. It is Windows 2008 (original) not R2. Still, why can't it run AD users and computers from this machine?

  Read the article

• Open-sourcing a web site with active users?

  - by Lars Yencken

  I currently run several research-related web-sites with active users, and these sites use some personally identifying information about these users (their email address, IP address, and query history). Ideally I'd release the code to these sites as open source, so that other people could easily run similar sites, and more importantly scrutinise and replicate my work, but I haven't been comfortable doing so, since I'm unsure of the security implications. For example, I wouldn't want my users' details to be accessed or distributed by a third party who found some flaw in my site, something which might be easy to do with full source access. I've tried going half-way by refactoring the (Django) site into more independent modules, and releasing those, but this is very time consuming, and in practice I've never gotten around to releasing enough that a third party can replicate the site(s) easily. I also feel that maybe I'm kidding myself, and that this process is really no different to releasing the full source. What would you recommend in cases like this? Would you open-source the site and take the risk? As an alternative, would you advertise the source as "available upon request" to other researchers, so that you at least know who has the code? Or would you just apologise to them and keep it closed in order to protect users?

  Read the article

• How to limit access to Exchange 2003 Mobile Actviesync server by user?

  - by micilin

  So I was asked to set up an Exchange Activesync mobile gateway. That's done. It's a separat eExchange 2003 front-end server configured for SSL, and I've put an off-domain ISA server in front of it. Now I'm being asked to limit which users can connect to it. By default an Exchange front-end server allows any user who has a mail account to connect to the front -end server. So I'm looking at the permissions on the various IIS sites/apps on the server, but I know that it's easy to break Exchange Front-end server perms. So I've got the following in IIS: Exadmin Exchange EchWeb Microsoft-SErver-ActiveSync MobileAdmin OMA And a couple of others that I dont think are relevant. Can I change the permissions on one of these to restrict who can connect to Activesync? As a bonus: Can I do it in a way that does not affect ordinary browser based Exchange Access? Thanks in Advance!!

  Read the article

• Trying to create an image list based on what is defined as the order, and loosing

  - by user1691463

  I have a custom created module for Joomla 2.5 and within the params of the module, and have a loop that is not outputting as expected. I have the following parameters (fields) int he module: Order Thumb image Image Title Full-size image Now there are 10 sets of these group of 4 params. What I am trying to do is loop through each of the object sets, 10 of them, and on each iteration, build an HTML image list structure. The if statement is building the HTML structure for the sets that have an order value that is greater than 0, and the else is creating the html for those sets that do not have a value greater that 0. The goal is to create two variables and then concatenate the the strings together; the leading set are the sets that have an order defined. This is not happening and every thrid loop seems like it is missing. Here is the order as it is set in the 10 sets Set 1 = 0 Set 2 = 4 Set 3 = 1 Set 4 = 0 Set 5 = 5 Set 6 = 0 Set 7 = 0 Set 8 = 6 Set 9 = 3 Set 10 = 9 However, the outcomes is: 9 5 1 4 6 7 10 Instead of the expected: 3 9 2 5 8 1 (below here are those sets that were not greater than 0 in order of appearance) 4 6 7 whats wrong here that I can not see <?php for ($i = 1; $i <= 10; $i++) { $order = $params->get('order'.$i);#get order for main loop of 10 $active = ""; if ($order > 0) {#Check if greater than 0 for ($n = 1; $n <= 10; $n++) {#loop through all order fields looking and build html lowest to highest; $ordercheck =$params->get('order'.$n); if ($ordercheck == $i) { $img = $params->get('image'.$n); $fimage = $params->get('image'.$n.'fullimage'); $title = $params->get('image'.$n.'alttext'); $active = ""; $active = $active . '<li>'; $active = $active . '<a href="'.$fimage.'" rel="prettyPhoto[gallery1]" title="'.$title.'">'; $active = $active . '<img src="'.$img.'" alt="'.$title.'" />'; $active = $active . '</a>'; $active = $active . '</li>'; $leading = $leading . $active; } } } else { #if the itteration $order was not greater than 0, build in order of accourance $img = $params->get('image'.$i); $fimage = $params->get('image'.$i.'fullimage'); $title = $params->get('image'.$i.'alttext'); $active = $active . '<li>'; $active = $active . '<a href="'.$fimage.'" rel="prettyPhoto[gallery1]" title="'.$title.'">'; $active = $active . '<img src="'.$img.'" alt="'.$title.'" />'; $active = $active . '</a></li>'; $unordered = $unordered . $active; } $imagesList = $leading . $unordered; } ?>

  Read the article

• Directory service unavailiable, new hardware same settings

  - by Alex

  I'm working on a project with 2 sites connected by a VPN. Site 1 has the main server and there is a secondary server at site 2 which I am trying to replace. The current setup works perfectly however I can't for the life of me get the replacement server at site 2 up and running. I'm trying to replace like for like just upgraded hardware. I have installed the OS (all Server 2003 Standard SP2) and used exactly the same settings as the old server. I have setup Active Directory, DNS Server, DHCP Server and WINS Server configured. I have used all the same settings as the old server (except IP address and name). I can access the active directory but I can't do anything; add, edit, delete all returns "the directory service is unavaliable". No-one can login on any of the computers on site 2 and the internet is down. Plugging the old server back in and connecting it to the network rectifies the issue (so both new and old are connected at site 2), everyone can login and the internet is back (curious since the modem connects direct to the switch, and even with the new server online I can connect to the router via IP but not the net). I really don't have much experience but I've been roped into doing this because my company is too cheap to hire a real network admin. Any suggestions of where I can start to troubleshoot this, its driving me crazy and I only have a day before all the users are back on site.

  Read the article

• TGT validation fails, but only for one user

  - by wzzrd

  I'm seeing the weirdest thing here. I have a couple of RHEL3, 4 and 5 machines that validate user credentials through Kerberos with an Active Directoy domain controller as their KDC. This works for all of my users, save one. There is one account that is unable to log into RHEL3 Linux machines and generates the following errors there: May 31 13:53:19 mybox sshd(pam_unix)[7186]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 user=user May 31 13:53:20 mybox sshd[7186]: pam_krb5: TGT verification failed for `user' May 31 13:53:20 mybox sshd[7186]: pam_krb5: authentication fails for `user' Other accounts, like my own, are fine: May 31 17:25:30 mybox sshd(pam_unix)[12913]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 user=myuser May 31 17:25:31 mybox sshd[12913]: pam_krb5: TGT for myuser successfully verified May 31 17:25:31 mybox sshd[12913]: pam_krb5: authentication succeeds for `myuser' May 31 17:25:31 mybox sshd(pam_unix)[12915]: session opened for user myuser by (uid=0) As you can see, TGT validation fails. This only happens for this specific account, not for any other. The failing useraccount's password has been reset, I inspected both user objects in Active Directory, but I see nothing out of the ordinary. If I have the failing useraccount log into a RHEL4 or 5 box, there is not problem, so it must be RHEL3 specific, but the fact that only one account suffers from this, alludes me. Maybe someone has seen this before?

  Read the article

• Does RVM "failover" to another ruby instance on error?

  - by JohnMetta

  Have a strange problem in that I have a Rake task that seems to be using multiple versions of Ruby. When one fails, it seems to try another one. Details MacBook running 10.6.5 rvm 1.1.0 Rubies: 1.8.7-p302, ree-1.8.7-2010.02, ruby-1.9.2-p0 Rake 0.8.7 Gem 1.3.7 Veewee (provisioning Virtual Machines using Opcode.com, Vagrant and Chef) I'm not entirely sure the specific details of the error matter, but since it might be an issue with Veewee itself. So, what I'm trying to do is build a new box base on a veewee definition. The command fails with an error about a missing method- but what's interesting is how it fails. Errors I managed to figure out that if I only have one Ruby installed with RVM, it just fails. If I have more than one Ruby install, it fails at the same place, but execution seems to continue in another interpreter. Here are two different clipped console outputs. I've clipped them for size. The full outputs of each error are available as a gist. One Ruby version installed Here is the command run when I only have a single version of Ruby (1.8.7) available in RVM boudica:veewee john$ rvm rake build['mettabox'] --trace rvm 1.1.0 by Wayne E. Seguin ([email protected]) [http://rvm.beginrescueend.com/] (in /Users/john/Work/veewee) ** Invoke build (first_time) ** Execute build … creating new harddrive rake aborted! undefined method `max_vdi_size' for #<VirtualBox::SystemProperties:0x102d6af80> /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/virtualbox-0.8.3/lib/virtualbox/abstract_model/dirty.rb:172:in `method_missing' <------ stacktraces cut ----------> /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/bin/rake:31 /Users/john/.rvm/gems/ruby-1.8.7-p302@global/bin/rake:19:in `load' /Users/john/.rvm/gems/ruby-1.8.7-p302@global/bin/rake:19 Multiple Ruby Versions Here is the same command run with three versions of Ruby available in RVM. Prior to doing this, I used "rvm use 1.8.7." Again, I don't know how important the details of the specific errors are- what's interesting to me is that there are three separate errors- each with it's own stacktrace- and each in a different Ruby interpreter. Look at the bottom of each stacktrace and you'll see that they are all sourced from different interpreter locations- First ree-1.8.7, then ruby-1.8.7, then ruby-1.9.2: boudica:veewee john$ rvm rake build['mettabox'] --trace rvm 1.1.0 by Wayne E. Seguin ([email protected]) [http://rvm.beginrescueend.com/] (in /Users/john/Work/veewee) ** Invoke build (first_time) ** Execute build … creating new harddrive rake aborted! undefined method `max_vdi_size' for #<VirtualBox::SystemProperties:0x1059dd608> /Users/john/.rvm/gems/ree-1.8.7-2010.02/gems/virtualbox-0.8.3/lib/virtualbox/abstract_model/dirty.rb:172:in `method_missing' … /Users/john/.rvm/gems/ree-1.8.7-2010.02/gems/rake-0.8.7/bin/rake:31 /Users/john/.rvm/gems/ree-1.8.7-2010.02@global/bin/rake:19:in `load' /Users/john/.rvm/gems/ree-1.8.7-2010.02@global/bin/rake:19 (in /Users/john/Work/veewee) ** Invoke build (first_time) ** Execute build isofile ubuntu-10.04.1-server-amd64.iso is available ["a1b857f92eecaf9f0a31ecfc39dee906", "30b5c6fdddbfe7b397fe506400be698d"] [] Last good state: -1 Current step: 0 last good state -1 destroying machine+disks (re-)executing step 0-initial-a1b857f92eecaf9f0a31ecfc39dee906 VBoxManage: error: Machine settings file '/Users/john/VirtualBox VMs/mettabox/mettabox.vbox' already exists VBoxManage: error: Details: code VBOX_E_FILE_ERROR (0x80bb0004), component Machine, interface IMachine, callee nsISupports Context: "CreateMachine(bstrSettingsFile.raw(), name.raw(), osTypeId.raw(), Guid(id).toUtf16().raw(), FALSE , machine.asOutParam())" at line 247 of file VBoxManageMisc.cpp rake aborted! undefined method `memory_size=' for nil:NilClass /Users/john/Work/veewee/lib/veewee/session.rb:303:in `create_vm' /Users/john/Work/veewee/lib/veewee/session.rb:166:in `build' /Users/john/Work/veewee/lib/veewee/session.rb:560:in `transaction' /Users/john/Work/veewee/lib/veewee/session.rb:163:in `build' /Users/john/Work/veewee/Rakefile:87 /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/lib/rake.rb:636:in `call' /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/lib/rake.rb:636:in `execute' /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/lib/rake.rb:631:in `each' … /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/bin/rake:31 /Users/john/.rvm/gems/ruby-1.8.7-p302@global/bin/rake:19:in `load' /Users/john/.rvm/gems/ruby-1.8.7-p302@global/bin/rake:19 (in /Users/john/Work/veewee) ** Invoke build (first_time) ** Execute build isofile ubuntu-10.04.1-server-amd64.iso is available ["a9c4ab3257e1da3479c984eae9905c2a", "30b5c6fdddbfe7b397fe506400be698d"] [] Last good state: -1 Current step: 0 last good state -1 (re-)executing step 0-initial-a9c4ab3257e1da3479c984eae9905c2a VBoxManage: error: Machine settings file '/Users/john/VirtualBox VMs/mettabox/mettabox.vbox' already exists VBoxManage: error: Details: code VBOX_E_FILE_ERROR (0x80bb0004), component Machine, interface IMachine, callee nsISupports Context: "CreateMachine(bstrSettingsFile.raw(), name.raw(), osTypeId.raw(), Guid(id).toUtf16().raw(), FALSE , machine.asOutParam())" at line 247 of file VBoxManageMisc.cpp rake aborted! undefined method `memory_size=' for nil:NilClass /Users/john/Work/veewee/lib/veewee/session.rb:303:in `create_vm' /Users/john/Work/veewee/lib/veewee/session.rb:166:in `block in build' /Users/john/Work/veewee/lib/veewee/session.rb:560:in `transaction' /Users/john/Work/veewee/lib/veewee/session.rb:163:in `build' /Users/john/Work/veewee/Rakefile:87:in `block in <top (required)>' /Users/john/.rvm/rubies/ruby-1.9.2-p0/lib/ruby/1.9.1/rake.rb:634:in `call' /Users/john/.rvm/rubies/ruby-1.9.2-p0/lib/ruby/1.9.1/rake.rb:634:in `block in execute' … /Users/john/.rvm/rubies/ruby-1.9.2-p0/lib/ruby/1.9.1/rake.rb:2013:in `top_level' /Users/john/.rvm/rubies/ruby-1.9.2-p0/lib/ruby/1.9.1/rake.rb:1992:in `run' /Users/john/.rvm/rubies/ruby-1.9.2-p0/bin/rake:35:in `<main>' It isn't until we reach the last installed version of Ruby that execution halts. Discussion Does anyone have any idea what's going on here? Has anyone seen this "failover"-like behavior before? It seems strange to me that the first exception would not halt execution as it did with one interpreter, but I wonder if there are things happening when RVM is installed that we Ruby developers are not considering.

  Read the article

• Codeigniter active record select, left join, count

  - by sea_1987

  Hi There, I have a form that shows results from a database query, these results can have many other assets ajoined to them and I wanting to find a way of showing how many assets each elemement has. For example my table is of areas of england an other table has where the users live I current have this code, $this->db->select('*'); $this->db->from('places'); $this->db->join('users, places.place_id = user.place_id, left'); $this->db->get(); The issue I am having is getting the query to return the place name and the number of users living in that place, it is possible?

  Read the article

• PHP/MySQL User system w/ groups.

  - by Ben C

  I have a user system set up in a 'users' table, and I have groups set up in a 'groups' table. Essentially, I want users to be able to join any and all the groups that they want, in the same was as one would on facebook. How would one go about structuring this in a mysql/php database system? Just a quick summary would be helpful! I've looked around, but I can only find info on creating 'groups' where the users just have a sort of 1, 2 or 3 permission rank. Thanks!

  Read the article

• How do i remove a password expiration policy?

  - by jimmygee

  We had a password expiration policy recently removed from our AD but some users continued to get the "..your password will expire in x days. would you like to change it now?" message. So we added a reverse/undo policy to correct the local registry settings Maximum password age = 0 days Minimum password age = 0 days This hasn't worked as new users still seem to encounter the above "change password" message sporadically. We have now removed all custom password policy GPOs and are left with the "Default Domain Policy". Still no good. Can someone point me in the direction to fix this? And an explanation into what i was doing wrong (/how password expiration policies apply) would be useful too. thanks Environment is 2k3 server with mostly XPsp2 clients.

  Read the article

• Windows server 2008 issue

  - by Matt Fitz

  We have 2 domains “pdc1” and “devkc” both are windows 2000 Active Directory domains with a 2-way trust relationship in place., has been this way for years. All of our developer machines are joined to the “devkc” domain but the users log into there accounts on the “pdc1” domain. This all works fine with Windows XP, 2000 and 2003 server. However with Windows Server 2008 the users can only log into the “devkc” domain that the machine is joined to, they can not log into the “pdc1” domain. The following error results: "The security database on this server does not have a computer account for this workstation trust relationship” Any ideas would be greatly appreaciated Thanks Matt Fitz

  Read the article

• Grant access for users on a separate domain to SharePoint

  - by Geo Ego

  Hello. I just completed development of a SharePoint site on a virtual server and am currently in the process of granting users from a different domain to the site. The SharePoint domain is SHAREPOINT, and the domain with the users I want to give access to is COMPANY. I have provided them with a link to the site and added them as users via SharePoint, which is all I thought I would need to do. However, when they go to the link, the site shows them a SharePoint error page. In the security event log, I am showing the following: Event Type: Failure Audit Event Source: Security Event Category: Object Access Event ID: 560 Date: 3/18/2010 Time: 11:11:49 AM User: COMPANY\ThisUser Computer: SHAREPOINT Description: Object Open: Object Server: Security Account Manager Object Type: SAM_ALIAS Object Name: DOMAINS\Account\Aliases\00000404 Handle ID: - Operation ID: {0,1719489} Process ID: 416 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: SHAREPOINT$ Primary Domain: COMPANY Primary Logon ID: (0x0,0x3E7) Client User Name: ThisUser Client Domain: PRINTRON Client Logon ID: (0x0,0x1A3BC2) Accesses: AddMember RemoveMember ListMembers ReadInformation Privileges: - Restricted Sid Count: 0 Access Mask: 0xF Then, four of these in a row: Event Type: Failure Audit Event Source: Security Event Category: Object Access Event ID: 560 Date: 3/18/2010 Time: 11:12:08 AM User: NT AUTHORITY\NETWORK SERVICE Computer: SHAREPOINT Description: Object Open: Object Server: SC Manager Object Type: SERVICE OBJECT Object Name: WinHttpAutoProxySvc Handle ID: - Operation ID: {0,1727132} Process ID: 404 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: SHAREPOINT$ Primary Domain: COMPANY Primary Logon ID: (0x0,0x3E7) Client User Name: NETWORK SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E4) Accesses: Query status of service Start the service Query information from service Privileges: - Restricted Sid Count: 0 Access Mask: 0x94 Any ideas what permissions I need to grant to the user to get them access to SharePoint?

  Read the article

• VSFTPD does not allow upload with virtual users

  - by Mr. Squig

  I am attempting to setup VSFTPD with virtual users on a server running Ubuntu 12.04. I have configured the server to allow for virtual users to login, but I am having trouble getting it to allow uploads. My vsftpd.conf is as follows: listen=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 anon_upload_enable=YES dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES virtual_use_local_privs=YES guest_enable=YES guest_username=virtual user_sub_token=$USER local_root=/var/www/$USER hide_ids=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd rsa_cert_file=/etc/ssl/private/vsftpd.pem /etc/pam.d/vsftpd contains: auth required pam_pwdfile.so pwdfile /etc/vsftpd.passwd crypt=hash account required pam_permit.so crypt=hash I have two virtual users set up, one of which has the same name as a local user. They each have a directory in /var/www/ owned by 'virtual'. As I understand it, when a virtual user logs in this way they will appear to the system as the user virtual. Using this configuration user can log on, but cannot upload files. The error given in /var/log/vsftpd.log is: Tue Nov 20 19:49:00 2012 [pid 2] CONNECT: Client "96.233.116.53" Tue Nov 20 19:49:07 2012 [pid 1] [zac] OK LOGIN: Client "96.233.116.53" Tue Nov 20 19:49:11 2012 [pid 2] CONNECT: Client "96.233.116.53" Tue Nov 20 19:49:11 2012 [pid 1] [zac] OK LOGIN: Client "96.233.116.53" Tue Nov 20 19:49:11 2012 [pid 3] [zac] FAIL CHMOD: Client "96.233.116.53", "/test.ppm 644" I have tried changing the permissions of these directories in all sorts of ways, but nothing seem to work. I have a feeling that it is something simple related to permissions. Any ideas?

  Read the article

• Multi-Role Domain Controllers for Small Offices (< 50 clients)

  - by kce

  Warning: I'm a Linux/*NIX admin so this is all new to me. I understand that it's not considered a good idea to have only a single domain controller, and that it is also probably a good idea for a domain controller to only do AD/DHCP/DNS (Here). We have two offices, location A with 30 users and location B with 10 users. Our two offices are separated by a WAN that is not particularly robust so I have be instructed that we need to have standalone services in each office. This means that according to "best practices" we will need to build a domain controller and a separate file server in each office. Again, I am not knowledgeable in the ways of Windows but this seems a little unnecessary for an organization of 40 users. People have commented that I could "get away with" running file services on the domain controller as long as the "load is light". That just seems to generate more questions than it answers. What constitutes light load? What are the potential consequences of mixing these roles? Ideally I would prefer to only have one physical machine at each location. The one in location A (the location with IT staff) can act as the primary domain controller and the one in the smaller office can act as the backup domain controller. If either domain controller fails we can still use the other one for authentication (albeit with some latency) and if the WAN connection fails each office still has access to their respective "local" domain controller. If the file services are ALSO run on each server (and synchronized with something like DFS), a similar arrangement in terms of redundancy can be had without having to purchase, build and install two additional separate servers. It's not that I'm adverse to that (well, any more adverse than I am to whole thing to begin with) but to my simple mind it just seems, well a bit overkill. I can definitely see the benefits of functional separation when we're talking larger organizations, but I need to consider the additional overhead too. None of this excludes having a DRP setup for the domain controller/s. I assume you can lose two domain controllers just as easily as one.

  Read the article

• Users loggin to 3Com switches authenticated by radius not getting admin priv and no access available

  - by 3D1L

  Hi, Following the setup that I have for my Cisco devices, I got some basic level of functionality authenticating users that loggin to 3Com switches authenticated against a RADIUS server. Problem is that I can not get the user to obtain admin privileges. I'm using Microsoft's IAS service. According to 3Com documentation when configuring the access policy on IAS the value of 010600000003 have to be used to specify admin access level. That value have to be input in the Dial-in profile section: 010600000003 - indicates admin privileges 010600000002 - manager 010600000001 - monitor 010600000000 - visitor Here is the configuration on the switch: radius scheme system server-type standard primary authentication XXX.XXX.XXX.XXX accounting optional key authentication XXXXXX key accounting XXXXXX domain system scheme radius-scheme system local-user admin service-type ssh telnet terminal level 3 local-user manager service-type ssh telnet terminal level 2 local-user monitor service-type ssh telnet terminal level 1 The configuration is working with the IAS server because I can check user login events with the Eventviewer tool. Here is the output of the DISPLAY RADIUS command at the switch: [4500]disp radius SchemeName =system Index=0 Type=standard Primary Auth IP =XXX.XXX.XXX.XXX Port=1645 State=active Primary Acct IP =127.0.0.1 Port=1646 State=active Second Auth IP =0.0.0.0 Port=1812 State=block Second Acct IP =0.0.0.0 Port=1813 State=block Auth Server Encryption Key= XXXXXX Acct Server Encryption Key= XXXXXX Accounting method = optional TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12 Permitted send realtime PKT failed counts =5 Retry sending times of noresponse acct-stop-PKT =500 Quiet-interval(min) =5 Username format =without-domain Data flow unit =Byte Packet unit =1 Total 1 RADIUS scheme(s). 1 listed Here is the output of the DISPLAY DOMAIN and DISPLAY CONNECTION commands after users log into the switch: [4500]display domain 0 Domain = system State = Active RADIUS Scheme = system Access-limit = Disable Domain User Template: Idle-cut = Disable Self-service = Disable Messenger Time = Disable Default Domain Name: system Total 1 domain(s).1 listed. [4500]display connection Index=0 ,Username=admin@system IP=0.0.0.0 Index=2 ,Username=user@system IP=xxx.xxx.xxx.xxx On Unit 1:Total 2 connections matched, 2 listed. Total 2 connections matched, 2 listed. [4500] Here is the DISP RADIUS STATISTICS: [4500] %Apr 2 00:23:39:957 2000 4500 SHELL/5/LOGIN:- 1 - ecajigas(xxx.xxx.xxx.xxx) in un it1 logindisp radius stat state statistic(total=1048): DEAD=1046 AuthProc=0 AuthSucc=0 AcctStart=0 RLTSend=0 RLTWait=2 AcctStop=0 OnLine=2 Stop=0 StateErr=0 Received and Sent packets statistic: Unit 1........................................ Sent PKT total :4 Received PKT total:1 Resend Times Resend total 1 1 2 1 Total 2 RADIUS received packets statistic: Code= 2,Num=1 ,Err=0 Code= 3,Num=0 ,Err=0 Code= 5,Num=0 ,Err=0 Code=11,Num=0 ,Err=0 Running statistic: RADIUS received messages statistic: Normal auth request , Num=1 , Err=0 , Succ=1 EAP auth request , Num=0 , Err=0 , Succ=0 Account request , Num=1 , Err=0 , Succ=1 Account off request , Num=0 , Err=0 , Succ=0 PKT auth timeout , Num=0 , Err=0 , Succ=0 PKT acct_timeout , Num=3 , Err=1 , Succ=2 Realtime Account timer , Num=0 , Err=0 , Succ=0 PKT response , Num=1 , Err=0 , Succ=1 EAP reauth_request , Num=0 , Err=0 , Succ=0 PORTAL access , Num=0 , Err=0 , Succ=0 Update ack , Num=0 , Err=0 , Succ=0 PORTAL access ack , Num=0 , Err=0 , Succ=0 Session ctrl pkt , Num=0 , Err=0 , Succ=0 RADIUS sent messages statistic: Auth accept , Num=0 Auth reject , Num=0 EAP auth replying , Num=0 Account success , Num=0 Account failure , Num=0 Cut req , Num=0 RecError_MSG_sum:0 SndMSG_Fail_sum :0 Timer_Err :0 Alloc_Mem_Err :0 State Mismatch :0 Other_Error :0 No-response-acct-stop packet =0 Discarded No-response-acct-stop packet for buffer overflow =0 The other problem is that when the RADIUS server is not available I can not log in to the switch. The switch have 3 local accounts but none of them works. How can I specify the switch to use the local accounts in case that the RADIUS service is not available?

  Read the article

• Powershell script for setting password expiry

  - by Pierre E

  Due to mistakes by the helpdesk staff, I found that over a 100 user accounts in my company AD have been set so that their passwords never expire. To avoid the situation in which all these users suddenly find themselves unable to log in, I want to run a script to set the password expiry to a specified date. I'm using Quest AD cmdlets, but I've only used powershell for simple scripts to get lists of users. The attribute I'm trying to modify is 'PasswordStatus' and I want to set those with this attribute set as "password never expires' to a specific date. Not much of a scripting guy, so any help in this would be most welcome.

  Read the article

• Setting user calendar permissions on Exchange 2007

  - by blizz

  We have Exchange 2007 with about 100 users. I would like to change everyone's free/busy permissions to grant Reviewer status to a specific AD group. I have tried PFDAVAdmin tool but when I commit any changes, they do not affect the users. If I grant myself Reviewer permissions to another user's calendar using the tool, I still cannot view that user's free/busy details, and I also don't show up on the list of people with permissions on that user's Outlook calendar options. It seems like PFDAVAdmin simply appears to do something, but doesn't actually change anything. Is there any other way for me to accomplish what I need to do? Or is there something I may not be doing right with PFDAVAdmin? FYI I have followed directions from this link: http://exchangeshare.wordpress.com/2008/05/27/faq-give-calendar-read-permission-on-all-mailboxes-pfdavadmin/

  Read the article

• Cross domain LDAP

  - by Adam

  For a system we are developing we have 2 domains an internal and an external domain with bi directional trust between them. However the servers are only able to connect to their own DC's. We have an application server on the internal domain which needs to use an LDAP query to gather a list of users from a group on the external domain. How do i go about writing an LDAP query that asks one DC to go ask another DC for a list of users. I tried querying the internal DC with the same LDAP query I would use if it could hit the external DC directly but this does not work. When i use Softerra LDAP Administraor I can view the full hierarchy of the interal domain but despite the trust relationship between domains i am unable to see any of the external doamin. Any suggestions or help would be greatly appreciated

  Read the article

• Best way to find the computer a user last logged on from?

  - by Garrett

  I am hoping that somewhere in Active Directory the "last logged on from [computer]" is written/stored, or there is a log I can parse out? The purpose of wanting to know the last PC logged on from is for offering remote support over the network - our users move around pretty infrequently, but I'd like to know that whatever I'm consulting was updating that morning (when they logged in, presumably) at minimum. I'm also considering login scripts that write the user and computer names to a known location I can reference, but some of our users don't like to logout for 15 days at a time. If there is an elegant solution that uses login scripts, definitely mention it - but if it happens to work for merely unlocking the station, that would be even better!

  Read the article

• Windows 8 - no internet connetction to some hosts while VPN is active

  - by HTD

  I use VPN to access the servers at work. When VPN is used, all network traffic to the Internet passes through my company network. It worked without any problems on Windows 7, now on Windows 8 some sites suddenly became inaccessible. Please note - I don't try to connect them over RDP, they are public Internet addresses, outside company network. They are inaccessible using any protocol. Ping returns "General failure.". I know it could be a misconfiguration on my company's server side, but it's very strange, since the same VPN connection used on Windows 7 works properly. What's wrong? Is it a Windows 8 bug, or is there something I could do on my company servers to make VPN work as expected with Windows 8? My company network works on Windows Server 2008 R2 and uses Microsoft TMG firewall. I couldn't find any rules blocking the traffic to mentioned sites, all network traffic for VPN users are passed through for all IPs and protocols. Any clues? UDPATE: Important - one whole day it worked. I hibernated and restarted the computer, connected and disconnected VPN - nothing could break my connection. Today it broke again, and restarting Windows didn't help. And now the solution: route add -p 0.0.0.0 MASK 255.255.255.255 192.168.1.1 Oh, OK, I know what it did, added my default gateway to routing table. But it still didn't work sometimes. So I removed my main network gateway route with: route delete -p 0.0.0.0 MASK 0.0.0.0 192.168.0.1 And added modified with: route add -p 0.0.0.0 MASK 255.255.255.255 192.168.0.1 And it works. Now. But I don't trust this. I don't know what really happened.

  Read the article

• Apache directive for authenticated users?

  - by Alex Leach

  Using Apache 2.2, I would like to use mod_rewrite to redirect un-authenticated users to use https, if they are on http.. Is there a directive or condition one can test for whether a user is (not) authenticated? For example, I could have set up the restricted /foo location on my server:- <Location "/foo/"> Order deny,allow # Deny everyone, until authenticated... Deny from all # Authentication mechanism AuthType Basic AuthName "Members only" # AuthBasicProvider ... # ... Other authentication stuff here. # Users must be valid. Require valid-user # Logged-in users authorised to view child URLs: Satisfy any # If not SSL, respond with HTTP-redirect RewriteCond ${HTTPS} off RewriteRule /foo/?(.*)$ https://${SERVER_NAME}/foo/$2 [R=301,L] # SSL enforcement. SSLOptions FakeBasicAuth StrictRequire SSLRequireSSL SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 </Location> The problem here is that every file, in every subfolder, will be encrypted. This is quite unnecessary, but I see no reason to disallow it. What I would like is the RewriteRule to only be triggered during authentication. If a user is already authorised to view a folder, then I don't want the RewriteRule to be triggered. Is this possible? EDIT: I am not using any front-end HTML here. This is only using Apache's built-in directory browsing interface and its in-built authentication mechanisms. My <Directory> config is: <Directory ~ "/foo/"> Order allow,deny Allow from all AllowOverride None Options +Indexes +FollowSymLinks +Includes +MultiViews IndexOptions +FancyIndexing IndexOptions +XHTML IndexOptions NameWidth=* IndexOptions +TrackModified IndexOptions +SuppressHTMLPreamble IndexOptions +FoldersFirst IndexOptions +IgnoreCase IndexOptions Type=text/html </Directory>

  Read the article

• squid3 auth thru samba using ntlm to AD doesn't work

  - by derty

  some users here are spending to much time exploring the WWW. So big boss whats to get this under control. We use a squid3 just for some security reason and chace benefits. and now i'm trying to set up a new proxy on a different server (Debian 6) Permissions are defined in AC and the squid3 should get the auth thru samba/winbind by using the ntlm protocol. but i'll get all the time Access, denited. it only works by using LDAP but thats not the way i need it. here some log and confs squid access.log 1326878095.784 1 192.168.15.27 TCP_DENIED/407 4049 GET http://at.msn.com/? -NONE/- text/html 1326878095.791 1 192.168.15.27 TCP_DENIED/407 4294 GET http://at.msn.com/? - NONE/- text/html 1326878095.803 9 192.168.15.27 TCP_DENIED/403 4028 GET http://at.msn.com/? kavan NONE/- text/html 1326878095.848 0 192.168.15.27 TCP_DENIED/403 3881 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878100.279 0 192.168.15.27 TCP_DENIED/403 3735 GET http://www.google.at/ kavan NONE/- text/html 1326878100.296 0 192.168.15.27 TCP_DENIED/403 3870 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878155.700 0 192.168.15.27 TCP_DENIED/407 4072 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.705 2 192.168.15.27 TCP_DENIED/407 4317 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.709 3 192.168.15.27 TCP_DENIED/403 4026 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml kavan NONE/- text/html squid chace 2012/01/18 10:12:49| Creating Swap Directories 2012/01/18 10:12:49| Starting Squid Cache version 3.1.6 for x86_64-pc-linux-gnu... 2012/01/18 10:12:49| Process ID 17236 2012/01/18 10:12:49| With 65535 file descriptors available 2012/01/18 10:12:49| Initializing IP Cache... 2012/01/18 10:12:49| DNS Socket created at [::], FD 7 2012/01/18 10:12:49| DNS Socket created at 0.0.0.0, FD 8 2012/01/18 10:12:49| Adding nameserver 192.168.15.2 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.19 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.1 from /etc/resolv.conf 2012/01/18 10:12:49| Adding domain schoenbrunn.local from /etc/resolv.conf 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'ntlm_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_group' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| Unlinkd pipe opened on FD 73 2012/01/18 10:12:49| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2012/01/18 10:12:49| Store logging disabled 2012/01/18 10:12:49| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2012/01/18 10:12:49| Target number of buckets: 1008 2012/01/18 10:12:49| Using 8192 Store buckets 2012/01/18 10:12:49| Max Mem size: 262144 KB 2012/01/18 10:12:49| Max Swap size: 0 KB 2012/01/18 10:12:49| Using Least Load store dir selection 2012/01/18 10:12:49| Set Current Directory to /var/spool/squid3 2012/01/18 10:12:49| Loaded Icons. 2012/01/18 10:12:49| Accepting HTTP connections at [::]:3128, FD 74. 2012/01/18 10:12:49| HTCP Disabled. 2012/01/18 10:12:49| Squid modules loaded: 0 2012/01/18 10:12:49| Adaptation support is off. 2012/01/18 10:12:49| Ready to serve requests. 2012/01/18 10:12:50| storeLateRelease: released 0 objects smb.conf # Domain Authntication Settings workgroup = <WORKGROUP> security = ads password server = <DOMAINNAME>.LOCAL realm = <DOMAINNAME>.LOCAL ldap ssl = no # logging log level = 5 max log size = 50 # logs split per machine log file = /var/log/samba/%m.log # max 50KB per log file, then rotate ; max log size = 50 # User settings username map = /etc/samba/smbusers idmap uid = 10000-20000000 idmap gid = 10000-20000000 idmap backend = ad ; template primary group = <ad group> template shell = /sbin/nologin # Winbind Settings winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind netsted groups = Yes winbind nested groups = Yes winbind cache time = 10 winbind use default domain = Yes #Other Globals unix charset = LOCALE server string = <SERVERNAME> load printers = no printing = cups cups options = raw ; printcap name = /etc/printcap #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups squid.conf auth_param ntlm program /usr/bin/ntlm_auth --require-membership-of=<DOMAINNAME>\\INTERNETZ --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=<dcname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f sAMAccountName=%s -h 192.168.15.19:3268 auth_param basic realm "Proxy Authentifizierung. Bitte geben Sie Ihren Benutzername und Ihr Passwort ein!" #means insert you PW in an other language - # external_acl_type InetGroup %LOGIN /usr/lib/squid3/squid_ldap_group -R -b "dc=<domainname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f "(&(objectclass=person)(sAMAccountName=%v) (memberof=cn=%a,cn=internetz,dc=<domainname>,dc=local))" -h 192.168.15.19:3268 auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d auth_param negotiate children 10 auth_param negotiate keep_alive on acl localnet proxy_auth REQUIRED acl InetAccess external InetGroup Internetz http_access allow InetAccess http_access deny all acl auth proxy_auth REQUIRED http_access allow auth and a very suspicious is that by adding the proxy server to the Domain i see 2 new entries in the PC one with the original computer-name leopoldine and one with leopoldine CNF:f8efa4c4-ff0e-4217-939d-f1523b43464d ?!? I tried a lot, really... but i stuck on this problem... i actually i even reinstalled all dependent programs and reconfigured them from default. Group exists and has me in it. Firefox running on the old proxy and i use IE for testing the new one. But i'll get all the time Access-Denited and to be honest i'm quite a beginner, so please don't be to prude. I'll interested in improving, i'll get the information we need to fix this but i started working 2 month ago and got only 1 1/2 year's training and not a single sec. in linux ;)

  Read the article

• Deployment and Ownership issues

  - by kylemac

  As an extreme newbie, I am having difficulty managing ownership and permissions on my first box. What I can't figure out is how to deploy using one user, we will call him deploy and operate my php application with www-data user. Currently as it stands, I know my server runs as www-data through this function <?php echo(exec("whoami")); ?> but I am having to chown between deploy and www-data every time I deploy. There has got to be an easier way to deploy with one user and still run as www-data. EDIT: Here is the output from ls- l on the folder in question. You will see user deploy and group www-pub, the group is from an attempt to add the two different users to a new group and chown one of them in the hopes that they both would have the permissions (newb alert) drwxrwxr-x 4 deploy www-pub 4096 Mar 7 01:41 example.com I am using capistrano for deployment under the user deploy then once its done i chown to www-data, otherwise I can't use php to manipulate files. I am also unsure how to even change which user apache is running.

  Read the article

• How to deploy SQL Server 2005 Reporting Services on a network without a domain server?

  - by ti

  I have a small Windows network (~30 machines) and I need to deploy SQL Server 2005 Reporting Services. Because I use SQL Server Standard Edition and not Enterprise, I am forced to use Windows Authentication to the users. I am a Linux admin, and have near zero knowledge on Active Directory. As deep as my shallow knowledge goes, I think that I would need to invest in a domain server, a mirrored backup of that domain server. I think that I need to change every computer to use this domain too, and if the domain server goes down, every computer will be unavailable. Is there a easier way to deploy Windows Authentication so that users can access Reporting Services from their computers without changing the infra-structure that much? Thanks!

  Read the article

• AD LDS High availability

  - by user792974

  We are currently using CAS for multiple directory authentication. AD for internal users, AD LDS for external users. I've read that NLB is a possible solution, but wondering if this is possible with SRV records, and how about you would correctly configure that. With our AD directory, I can bind with olddomain.local, and hit any of the DCs in the domain. We don't want to hardcode servernames into CAS, so the end goal is to bind with LDSdomain.gov. nslookup -type=srv _ldap._tcp.LDSdomain.gov returns _ldap._tcp.LDSdomain.gov SRV service location: priority = 0 weight = 100 port = 1025 svr hostname = server01 _ldap._tcp.LDSdomain.gov SRV service location: priority = 0 weight = 200 port = 1025 svr hostname = server02

  Read the article

< Previous Page | 50 51 52 53 54 55 56 57 58 59 60 61  | Next Page >