Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

Page 54/388 | < Previous Page | 50 51 52 53 54 55 56 57 58 59 60 61  | Next Page >

  • How to configure Windows user accounts for ODBC network with NT authentication?

    - by Ian Mackinnon
    I'm trying to create a connection to an SQL Server database from the ODBC Data Source Administrator using "Windows NT authentication using the network login ID". Both server and client are running Windows XP. It appears that any account with administrator privileges can add the data source on the server*, though connection attempts from the client result in error messages that suggest it is trying to authenticate using a guest account. I found a Microsoft support page that says: For SQL Server...: connect using the impersonated user account. But it doesn't offer advice about how to do that. How do I impersonate a user account on the server? or (since it sounds like that would lead to an unfortuante squashing of privileges and loss of accountability): How do I give an account on the client privileges on the server database and then ensure the client attempts authentication with the privileged account and not with a guest account? I'm aware that I'm providing rather sparse information. This is because I'm in unfamiliar territory and don't know what's pertinent. I'll attempt to add any requested information as quickly as possible. *I'm planning on tightening privileges straight after I get it working as it stands.

    Read the article

  • Cisco ASA user authentication options - OpenID, public RSA sig, others?

    - by Ryan
    My organization has a Cisco ASA 5510 which I have made act as a firewall/gateway for one of our offices. Most resources a remote user would come looking for exist inside. I've implemented the usual deal - basic inside networks with outbound NAT, one primary outside interface with some secondary public IPs in the PAT pool for public-facing services, a couple site-to-site IPSec links to other branches, etc. - and I'm working now on VPN. I have the WebVPN (clientless SSL VPN) working and even traversing the site-to-site links. At the moment I'm leaving a legacy OpenVPN AS in place for thick client VPN. What I would like to do is standardize on an authentication method for all VPN then switch to the Cisco's IPSec thick VPN server. I'm trying to figure out what's really possible for authentication for these VPN users (thick client and clientless). My organization uses Google Apps and we already use dotnetopenauth to authenticate users for a couple internal services. I'd like to be able to do the same thing for thin and thick VPN. Alternatively a signature-based solution using RSA public keypairs (ssh-keygen type) would be useful to identify user@hardware. I'm trying to get away from legacy username/password auth especially if it's internal to the Cisco (just another password set to manage and for users to forget). I know I can map against an existing LDAP server but we have LDAP accounts created for only about 10% of the user base (mostly developers for Linux shell access). I guess what I'm looking for is a piece of middleware which appears to the Cisco as an LDAP server but will interface with the user's existing OpenID identity. Nothing I've seen in the Cisco suggests it can do this natively. But RSA public keys would be a runner-up, and much much better than standalone or even LDAP auth. What's really practical here?

    Read the article

  • What is the correct authentication mechanism when there are users inside and outside the domain?

    - by Gary Barrett
    We have a Windows 7 enterprise desktop data entry app for mobile (laptop) users with local SQL Express 2008 R2 Express db that syncs data with an SQL Server 2008 R2 Server db. Authentication is required before syncing the data. The existing group of users are part of the organisation's domain so normal scenario and they connect to the Sql Server directly. But there are plans for a second group of app users who belong to various partner organisations so they are outside our domain and have their own various separate domains/accounts. The aim is to deploy the desktop app to them and they will periodically sync data to our SQL Server. What I am uncertain of: Is it possible to authenticate users from another domain? Can permissions be managed via Active Directory etc? Which authentication protocol should be used in this scenario? Windows, Forms, SQL, etc? The IT people are requesting users of the system be managed via Active Directory. Is it possible to manage the external domain users access via Active Directory?

    Read the article

  • Apache + Tomcat: Which one should handle SSL? IP-based proxy forwarding?

    - by delirial
    We currently have a Tomcat application running with SSL on port 443. Right now we have an apache server that accepts http requests on port 80 and redirects to the Tomcat instance: <VirtualHost *:80> ServerName domain.com ServerAlias domain.com <LocationMatch "/"> Redirect permanent / https://domain.com/ </LocationMatch> </VirtualHost> Tomcat is handling SSL, because there's no proxy, just a simple redirect to the SSL port: <Connector port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/app/ssl/domain_com.jks" keystorePass="ourpassword" clientAuth="false" sslProtocol="TLS"/> We want to begin using the apache web server as a proxy and additionally, do per-IP redirects to certain apps that should only be used by hosts on a pre-determined IP range. We would also like to redirect IPs that don't match the pre-determined list to a static html page hosted on the apache server. My first question is: Should I continue to handle SSL on Tomcat's end, or should I use apache with SSL while forwarding to an "unprotected" tomcat port? Is there any way to redirect to different apps (and potentially hosts) depending on the incoming IP? thanks, del

    Read the article

  • ldap-authentication without sambaSamAccount on linux smb/cifs server (e.g. samba)

    - by umlaeute
    i'm currently running samba-3.5.6 on a debian/wheezy host to act as the fileserver for our department's w32-clients. authentication is done via OpenLDAP, where each user-dn has an objectclass:sambaSamAccount that holds the smb-credentials and an objectclass:shadowAccount/posixAccount for "ordinary" authentication (e.g. pam, apache,...) now we would like to dump our department's user-db, and instead use authenticate against the user-db of our upstream-organisation. these user-accounts are managed in a novell-edirectory, which i can already use to authenticate using pam (e.g. for ssh-logins; on another host). our upstream organisation provides smb/cifs based access (via some novell service) to some directories, which i can access from my linux client via smbclient. what i currently don't manage to do is to use the upstream-ldap (the eDirectory) to authenticate our institution's samba: i configured my samba-server to auth against the upstream ldap server: passdb backend = ldapsam:ldaps://ldap.example.com but when i try to authenticate a user, i get: $ smbclient -U USER \\\\SMBSERVER\\test Enter USER's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.6] tree connect failed: NT_STATUS_ACCESS_DENIED the logfiles show: [2012/10/02 09:53:47.692987, 0] passdb/secrets.c:350(fetch_ldap_pw) fetch_ldap_pw: neither ldap secret retrieved! [2012/10/02 09:53:47.693131, 0] lib/smbldap.c:1180(smbldap_connect_system) ldap_connect_system: Failed to retrieve password from secrets.tdb i see two problems i'm having: i don't have any administrator password for the upstream ldap (and most likely, they won't give me one). i only want to authenticate my users, write-access is not needed at all. can i go away with that? the upstream ldap does not have any samba-related attributes in the db. i was under the impression, that for samba to authenticate, those attributes are required, as smb/cifs uses some trivial hashing which is not compatible with the usual posixAccount hashes. is there a way for my department's samba server to authenticate against such an ldap server?

    Read the article

  • Can nginx be an mail proxy for a backend server that does not accept cleartext logins?

    - by 84104
    Can Nginx be an mail proxy for a backend server that does not accept cleartext logins? Preferably I'd like to know what directive to include so that it will invoke STARTTLS/STLS, but communication via IMAPS or POP3S is sufficient. relevant(?) section of nginx.conf mail { auth_http localhost:80/mailproxy/auth.php; proxy on; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 SSLv3; ssl_ciphers HIGH:!ADH:!MD5:@STRENGTH; ssl_session_cache shared:TLSSL:16m; ssl_session_timeout 10m; ssl_certificate /etc/ssl/private/hostname.crt; ssl_certificate_key /etc/ssl/private/hostname.key; imap_capabilities "IMAP4rev1" "UIDPLUS"; server { protocol imap; listen 143; starttls on; } server { protocol imap; listen 993; ssl on; } pop3_capabilities "TOP" "USER"; server { protocol pop3; listen 110; starttls on; pop3_auth plain; } server { protocol pop3; listen 995; ssl on; pop3_auth plain; } }

    Read the article

  • Can anyone help me make my reverse proxy actually cache?

    - by Lenary
    Hi folks, I'm trying to configure a Reverse Caching Proxy but so far have had no luck. I would preferrably like to use apache (that will be all it will be used for), but am open to solutions using other software that can also run on Mac OS X 10.6 (I have also tried using Varnish and Squid, but with no more luck). We're running a system with about 80 mac mini clients that will be requesting lots of video from a server. To reduce load, we thought we could use Apache (which comes on the macs by default) to cache this video forever (or at least as long as possible) onto the macs' disks. I have managed to get a reverse proxy set up with apache using ProxyPass etc, but when i tried to add CacheEnable disk / to the configuration, nothing happened (i do have mod_disk_cache included). Can anyone help with my issue? The apache config file is here Thanks in advance Edit: So far I have been testing it with smaller text files, and it hasn't been caching properly. This suggests it is nothing to do with us actually downloading video, but actually to do with the cache configuration.

    Read the article

  • How to setup IIS 7.5 Reverse Proxy for quite a few internal servers - Server Farm?

    - by Tim Murphree
    I have tried for a few days, but I'm lost. Here's what I'm trying to do: I want to setup an IIS 7.5 as a Reverse Proxy for about 30 internal HTTP servers, located on my internal LAN. Everything is running on port 80. The internal servers are really IP based webcams. Here is scenario: www.mycamserver.com/cam1 192.168.1.101 www.mycamserver.com/cam2 192.168.1.102 and so on, until.. www.mycamserver.com/cam30 192.168.1.130 I have installed ARR and URL Rewrite. So far, I have managed, at one time, to seem to forward an incoming URL to an internal server, but the page would not fully load (error 404). Also, I setup a Server Farm, but it seems all traffic is now set to the first node on the Server Farm (192.168.1.101). However, at least the page loads and runs correctly. I simply want to do an exact match, for example, "cam14", and reverse-proxy / rewrite to a corresponding internal server address - "192.168.1.114".

    Read the article

  • Nginx as reverse proxy: how to properly configure gateway timeout?

    - by user1281376
    We have configured Nginx as a reverse proxy to an Apache server farm, but I'm running into trouble with the gateway timeouts. Our Goal in human readable form is: "Deliver a request within one second, but if it really takes longer, deliver anyway", which for me translates into "Try the first Apache server in upstream for max 500ms. If we get a timeout / an error, try the next one and so on until we finally succeed." Now our relevant configuration is this: location @proxy { proxy_pass http://apache$request_uri; proxy_connect_timeout 1s; proxy_read_timeout 2s; } [...] upstream apache { server 127.0.0.1:8001 max_fails=1 fail_timeout=10s; server 10.1.x.x:8001 max_fails=1 fail_timeout=10s backup; server 10.1.x.x:8001 max_fails=1 fail_timeout=10s backup; server 10.1.x.x:8001 max_fails=1 fail_timeout=10s backup; } The problem here is that nginx seems to misunderstand this as "Try to get a response from the whole upstream cluster within one second and deliver a 50X error if we don't - without any limit on how long to try any upstream server", which is obviously not what we had in mind. Is there any way to get nginx to do what we want?

    Read the article

  • setting up a basic mod_proxy virtual host

    - by SevenProxies
    I'm trying to set up a basic virtual host to proxy all requests to test.local to a WEBrick server I have running on 127.0.0.1:8080 while keeping all requests to localhost going to my static files in /var/www. I'm running Ubuntu 10.04. I have libapache2-mod-proxy-html installed and I have the module enabled with a2enmod proxy. I also have my virtual host enabled. However, whenever I go to test.local I always get a cryptic 500 server error and all my logs are telling me is: [Thu Mar 03 01:43:10 2011] [warn] proxy: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. Here's my virtual host: <VirtualHost test.local:80> LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so ServerAdmin webmaster@localhost ServerName test.local ProxyPreserveHost On # prevents this folder from being proxied ProxyPass /static ! DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> <Proxy *> Order allow,deny Allow from all </Proxy> ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined and here's my settings for mod_proxy: <IfModule mod_proxy.c> #turning ProxyRequests on and allowing proxying from all may allow #spammers to use your proxy to send email. ProxyRequests Off <Proxy *> # default settings #AddDefaultCharset off #Order deny,allow #Deny from all ##Allow from .example.com AddDefaultCharset off Order allow,deny Allow from all </Proxy> # Enable/disable the handling of HTTP/1.1 "Via:" headers. # ("Full" adds the server version; "Block" removes all outgoing Via: headers) # Set to one of: Off | On | Full | Block ProxyVia On </IfModule> Does anybody know what I'm doing wrong? Thanks

    Read the article

  • Filezilla connection error

    - by Kumar P
    I have RHEL 5 lan server with squid 2.6 stable proxy settings, Under this have some windows xp desktops Now i installed filezilla ftp client in windows xp, for give services to my client's websites But i can't connect ftp servers throw filezilla , I set generic proxy too. ( HTTP/1.1 USING CONNECT method ) I get error message like this, Status: Connecting to (ftp hostname) through proxy Status: Connecting to hostname:port... Status: Connection with proxy established, performing handshake... Response: Proxy reply: HTTP/1.0 403 Forbidden How can i solve this problem ?

    Read the article

  • VPN connection over apache mod_proxy

    - by This is it
    Hi We have several virtual machines which are connected in a private virtual network connection. Internet access for these machines is provided via dedicated virtual machine which has apache proxy server on it (they all use this machine as proxy). The problem now is that from several machines we need to connect to external VPN Server, but it seems that VPN connections don't work over apache proxy. Any suggestions on how to enable VPN connection over apache proxy (or some other proxy)? Some other solution? Thanks

    Read the article

  • Java dynamic proxy questions.

    - by Tony
    1.Does dynamic proxy instance subclass the target class? The java doc says the proxy instance implements "a list of interfaces", says nothing about subclassing, but through debugging, I saw that the proxy instance did inherit the target class properites.What does the "a list of interfaces " mean? Can I exclude those interfaces implemented by target class ? 2.Can I invoke target class specific methods on a proxy instance? 3. I think dynamic proxy is an interface methods invocation proxy but rather than a target class proxy, is that right (I am deeply infected by hibernate proxy object concept)?

    Read the article

  • How can I proxy couchDB as a sub-diectory with lighttpd?

    - by indieinvader
    I have a sub-directory on my web server (lighttpd) that I want to point at a CouchDB instance running on the same machine. I tried using mod_proxy but it sends along the whole request, like a proxy should, I know! So: // What happens: Lighttpd: http://localhost/couchdb/some_request | V CouchDB: http://localhost:5984/couchdb/some_request // What I want to happen: Lighttpd: http://localhost/couchdb/some_request | V CouchDB: http://localhost:5984/some_request Is there any way to make this setup work?

    Read the article

  • How to change the proxy settings for the Network Service account from the command prompt?

    - by mark
    Currently, I am only aware of the following command: C:\>bitsadmin /util /SetIEProxy NetworkService MANUAL_PROXY 1 92.168.0.200:8080 NULL But, it has the following defects: It is deprecated It does not allow to set the credentials. My question is how can I configure the proxy settings, including the credentials using a more up-to-date tool? EDIT I would like to stress that I am looking for a command line utility to do that.

    Read the article

  • Is there any way to set up a malware-blocking transparent proxy on an Airport Extreme?

    - by Chris R
    I'd like to add some kind of easily-administered transparent HTTP proxy to my home network. Ideally, it would allow me to, for example, redirect web requests to blacklisted servers into nothing, block certain kinds of content, et al. My home network at the moment consists of a mac mini media server that could -- if the load wasn't huge -- fill this role as well, an Airport Extreme, and a mac laptop that is my main machine. I'm reasonably technically savvy, so don't spare the complicated answers.

    Read the article

  • LDAP authentication ... Log in fail on the LDAP client

    - by billyduc
    I can get the password and group from the LDAP client getent passwd getent group work sucessfully But when I try 'su USERNAME' the name from the LDAP server or 'ssh USERNAME@localhost' it prompt me a user password, I typed exactly the USERNAME password but it return "su : Authentication Failure" or "Permission denied, Please try again". I don't know why? it only work when I was at root at the client and "su USERNAME"

    Read the article

  • suggestions for fast reliable proxy IPs like codeen but with posting?

    - by barlop
    Hi, I am looking for a list like one offered by codeen http://codeen.cs.princeton.edu/ of fast reliable proxy servers.. I just want to be able to "post" on usenet or yahoo groups with them.. I think the codeen ones don't allow HTTP-POST I don't need them for downloading or for torrents, or even for any images.. they can block images to keep browsing faster. I know it's not a list, but I did try TOR once, but it was horribly slow.

    Read the article

< Previous Page | 50 51 52 53 54 55 56 57 58 59 60 61  | Next Page >