Search Results

Search found 34649 results on 1386 pages for 'direct access'.

Page 543/1386 | < Previous Page | 539 540 541 542 543 544 545 546 547 548 549 550  | Next Page >

• Sharepoint (WSS 3.0) on SBS 2008 broken.

  - by tcv

  I recently ran the Sharepoint Products and Technologies Wizard. I had hoped this would bring up Sharepoint and allow me to access it so I could begin to learn. But it's not working. Here is some data that I hope is relevant. I am doing all my testing on the SBS 2008 server itself. I changed the hostheader in IIS to reflect an external FQDN I plan to deploy. The SBS server is remote and there are no domain-connected workstations. If I browse "localhost" SSL, I can get to the site, albeit with a self-signed cert warning. If I attempt to connect via SSL using either the internal FQDN (.local), the External FQDN (.net) or any other permutation thereof, I am prompted for credentials three times but am not allowed access. My account is a domain admin. The site is inaccessible using port 80 whether using localhost, internal FQDN (.local), and external FQDN (.net) Right now, I suspect my problem is within IIS, but I don't know. My plan to publish the sharepoint site to the web so my partner and I can check documents in/out. Can someone help me get started in current direction?

  Read the article

• Directory directive: AuthType None but still need an AuthProvider?

  - by Steffen Winkler

  For now I just need the server to let me download files from one specific folder (in my case I chose /opt/myFolder for that task) Distribution is Debian 6.0 *edit_start* Apache version is 2.4, according to their official documentation, the Order/Allow clauses are deprecated and should not be used anymore I'm an idiot: Apache version is 2.2. *edit_end* My directory directives in apache2.conf look like this: <IfModule dir_module> DirectoryIndex index.html index.htm index.php </IfModule> ServerRoot "/etc/apache2" DocumentRoot "/opt/myFolder" <Directory /> Options FollowSymLinks AuthType None AllowOverride None Require all denie </Directory> <Directory "/opt/myFolder/*"> Options FollowSymLinks MultiViews AllowOverride None AuthType None Require all allow </Directory> When I try to access a file inside that folder (http://myserver.de/aTestFile.zip) I get an Internal Server Error. Also Apache writes the following error into it's log: configuration error: couldn't check user. Check your authn provider!: /aTestFile.zip Why would I need an authn provider if I don't want any authentication? Also I hope someone can explain to me what kind of AuthenticationProvider I'd need for that. Everytime I search for those things I get pointed at people asking how to protect files/directories with passwords or restrict access to some IP addresses, which doesn't really help me. ok, since I've Apache version 2.2, here is the error I get when using the Order/Deny/Allow commands instead of AuthType/Require: Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration.

  Read the article

• SFTP ChRoot result in broken pipe

  - by Patrick Pruneau

  I have a website that I want to add some restricted access to a sub-folder. For this, I've decided to use CHROOT with SFTP (I mostly followed this link : http://shapeshed.com/chroot_sftp_users_on_ubuntu_intrepid/) For now, I've created a user (sio2104) and a group (magento).After following the guide, my folder list look like this : -rw-r--r-- 1 root root 27 2012-02-01 14:23 index.html -rw-r--r-- 1 root root 21 2012-02-01 14:24 info.php drwx------ 15 root root 4096 2012-02-25 00:31 magento As you can see, i've chown root:root the folder magento I wanted to jail-in the user and ...everything else by the way. Also in the magento folder, I chown sio2104:magento everything so they can access what they want. Finally, I've added this to sshd_config file : #Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp Match Group magento ChrootDirectory /usr/share/nginx/www/magento ForceCommand internal-sftp AllowTCPForwarding no X11Forwarding no PasswordAuthentication yes #UsePAM yes And the result is...well, I can enter my login, password and it's all finished with a "broken pipe" error. $ sftp [email protected] [....some debug....] [email protected]'s password: debug1: Authentication succeeded (password). Authenticated to 10.20.0.50 ([10.20.0.50]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. Write failed: Broken pipe Connection closed Verbose mode gives nothing to help. Anyone have an idea of what I've done wrong? If I try to login with ssh or sftp with my personnal user, everything works fine.

  Read the article

• MINSCN?Cache Fusion Read Consistent

  - by Liu Maclean(???)

  ????? ???Ask Maclean Home ???  RAC ? Past Image PI????, ?????????,???11.2.0.3 2 Node RAC??????????: SQL> select * from v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production PL/SQL Release 11.2.0.3.0 - Production CORE 11.2.0.3.0 Production TNS for Linux: Version 11.2.0.3.0 - Production NLSRTL Version 11.2.0.3.0 - Production SQL> select * from global_name; GLOBAL_NAME -------------------------------------------------------------------------------- www.oracledatabase12g.com SQL> drop table test purge; Table dropped. SQL> alter system flush buffer_cache; System altered. SQL> create table test(id number); insert into test values(1); insert into test values(2); commit; /* ???? rowid??TEST????2????????? */ select dbms_rowid.rowid_block_number(rowid),dbms_rowid.rowid_relative_fno(rowid) from test; DBMS_ROWID.ROWID_BLOCK_NUMBER(ROWID) DBMS_ROWID.ROWID_RELATIVE_FNO(ROWID) ------------------------------------ ------------------------------------                                89233                                    1                                89233                                    1 SQL> alter system flush buffer_cache; System altered. Instance 1 Session A ??UPDATE??: SQL> update test set id=id+1 where id=1; 1 row updated. Instance 1 Session B ??x$BH buffer header?? ?? ??Buffer??? SQL> select state,cr_scn_bas from x$bh where file#=1 and dbablk=89233 and state!=0;      STATE CR_SCN_BAS ---------- ----------          1          0          3    1227595 X$BH ??? STATE????Buffer???, ???????: STATE NUMBER KCBBHFREE 0 buffer free KCBBHEXLCUR 1 buffer current (and if DFS locked X) KCBBHSHRCUR 2 buffer current (and if DFS locked S) KCBBHCR 3 buffer consistant read KCBBHREADING 4 Being read KCBBHMRECOVERY 5 media recovery (current & special) KCBBHIRECOVERY 6 Instance recovery (somewhat special) ????????????? : state =1 Xcurrent ? state=2 Scurrent ? state=3 CR ??? Instance 2  ?? ????????????? ,???? gc current block 2 way  ??Current Block ??? Instance 2, ?? Instance 1 ??”Current Block” Convert ? Past Image: Instance 2 Session C SQL> update test set id=id+1 where id=2; 1 row updated. Instance 2 Session D SQL> select state,cr_scn_bas from x$bh where file#=1 and dbablk=89233 and state!=0; STATE CR_SCN_BAS ---------- ---------- 1 0 3 1227641 3 1227638 STATE =1 ?Xcurrent block???? Instance 2 , ??? Instance 1 ??? GC??: Instance 1 Session B SQL> select state,cr_scn_bas from x$bh where file#=1 and dbablk=89233 and state!=0;      STATE CR_SCN_BAS ---------- ----------          3    1227641          3    1227638          8          0          3    1227595 ???????, ??????Instance 1??session A????TEST??SELECT??? ,????? 3? State=3?CR ? ??????1?: Instance 1 session A ?????UPDATE? session SQL> alter session set events '10046 trace name context forever,level 8:10708 trace name context forever,level 103: trace[rac.*] disk high'; Session altered. SQL> select * from test;         ID ----------          2          2 select state,cr_scn_bas from x$bh where file#=1 and dbablk=89233 and state!=0;       STATE CR_SCN_BAS ---------- ----------          3    1227716          3    1227713          8          0 ?????????v$BH ????CR????,?????SELECT??? CR????????,???????? ?????????? ??X$BH?????? , ?????CR??SCN Version???: 1227641?1227638?1227595, ?SELECT?????? 2???SCN version?CR? 1227716? 1227713 ???, Oracle????????? ?????????SELECT??????event 10708? rac.*???TRACE,??????TRACE??: PARSING IN CURSOR #140444679938584 len=337 dep=1 uid=0 oct=3 lid=0 tim=1335698913632292 hv=3345277572 ad='bc0e68c8' sqlid='baj7tjm3q9sn4' SELECT /* OPT_DYN_SAMP */ /*+ ALL_ROWS IGNORE_WHERE_CLAUSE NO_PARALLEL(SAMPLESUB) opt_param('parallel_execution_enabled', 'false') NO_PARALLEL_INDEX(SAMPLESUB) NO_SQL_TUNE */ NVL(SUM(C1),0), NVL(SUM(C2),0) FROM (SELECT /*+ NO_PARALLEL("TEST") FULL("TEST") NO_PARALLEL_INDEX("TEST") */ 1 AS C1, 1 AS C2 FROM "SYS"."TEST" "TEST") SAMPLESUB END OF STMT PARSE #140444679938584:c=1000,e=27630,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=1,plh=1950795681,tim=1335698913632252 EXEC #140444679938584:c=0,e=44,p=0,cr=0,cu=0,mis=0,r=0,dep=1,og=1,plh=1950795681,tim=1335698913632390 *** 2012-04-29 07:28:33.632 kclscrs: req=0 block=1/89233 *** 2012-04-29 07:28:33.632 kclscrs: bid=1:3:1:0:7:80:1:0:4:0:0:0:1:2:4:1:26:0:0:0:70:1a:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:4:3:2:1:2:0:3f:0:1c:86:2d:4:0:0:0:0:a2:3c:7c:b:70:1a:0:0:0:0:1:0:7a:f8:76:1d:1:2:dc:5:a9:fe:17:75:0:0:0:0:0:0:0:0:0:0:0:0:63:e5:0:0:0:0:0:0:10:0:0:0 2012-04-29 07:28:33.632578 : kjbcrc[0x15c91.1 76896.0][9] 2012-04-29 07:28:33.632616 : GSIPC:GMBQ: buff 0xba1e8f90, queue 0xbb79f278, pool 0x60013fa0, freeq 1, nxt 0xbb79f278, prv 0xbb79f278 2012-04-29 07:28:33.632634 : kjbmscrc(0x15c91.1)seq 0x2 reqid=0x1c(shadow 0xb4bb4458,reqid x1c)mas@2(infosz 200)(direct 1) 2012-04-29 07:28:33.632654 : kjbsentscn[0x0.12bbc1][to 2] 2012-04-29 07:28:33.632669 : GSIPC:SENDM: send msg 0xba1e9000 dest x20001 seq 24026 type 32 tkts xff0000 mlen x17001a0 2012-04-29 07:28:33.633385 : GSIPC:KSXPCB: msg 0xba1e9000 status 30, type 32, dest 2, rcvr 1 *** 2012-04-29 07:28:33.633 kclwcrs: wait=0 tm=689 *** 2012-04-29 07:28:33.633 kclwcrs: got 1 blocks from ksxprcv WAIT #140444679938584: nam='gc cr block 2-way' ela= 689 p1=1 p2=89233 p3=1 obj#=76896 tim=1335698913633418 2012-04-29 07:28:33.633490 : kjbcrcomplete[0x15c91.1 76896.0][0] 2012-04-29 07:28:33.633510 : kjbrcvdscn[0x0.12bbc1][from 2][idx 2012-04-29 07:28:33.633527 : kjbrcvdscn[no bscn <= rscn 0x0.12bbc1][from 2] *** 2012-04-29 07:28:33.633 kclwcrs: req=0 typ=cr(2) wtyp=2hop tm=689 ??TRACE???? ?????????TEST??????, ???????Dynamic Sampling?????,???????TEST?? CR???,???????’gc cr block 2-way’ ??: 2012-04-29 07:28:33.632654 : kjbsentscn[0x0.12bbc1][to 2] 12bbc1= 1227713  ???X$BH????CR???,kjbsentscn[0x0.12bbc1][to 2] ????? ? Instance 2 ???SCN=12bbc1=1227713   DBA=0x15c91.1 76896.0 ?  CR Request(obj#=76896) ??kjbrcvdscn????? [no bscn <= rscn 0x0.12bbc1][from 2] ,??? ??receive? SCN Version =12bbc1 ???Best Version CR Server Arch ??????????????????SELECT??: PARSING IN CURSOR #140444682869592 len=18 dep=0 uid=0 oct=3 lid=0 tim=1335698913635874 hv=1689401402 ad='b1a188f0' sqlid='c99yw1xkb4f1u' select * from test END OF STMT PARSE #140444682869592:c=4999,e=34017,p=0,cr=7,cu=0,mis=1,r=0,dep=0,og=1,plh=1357081020,tim=1335698913635870 EXEC #140444682869592:c=0,e=23,p=0,cr=0,cu=0,mis=0,r=0,dep=0,og=1,plh=1357081020,tim=1335698913635939 WAIT #140444682869592: nam='SQL*Net message to client' ela= 7 driver id=1650815232 #bytes=1 p3=0 obj#=0 tim=1335698913636071 *** 2012-04-29 07:28:33.636 kclscrs: req=0 block=1/89233 *** 2012-04-29 07:28:33.636 kclscrs: bid=1:3:1:0:7:83:1:0:4:0:0:0:1:2:4:1:26:0:0:0:70:1a:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:4:3:2:1:2:0:2:0:1c:86:2d:4:0:0:0:0:a2:3c:7c:b:70:1a:0:0:0:0:1:0:7d:f8:76:1d:1:2:dc:5:a9:fe:17:75:0:0:0:0:0:0:0:0:0:0:0:0:63:e5:0:0:0:0:0:0:10:0:0:0 2012-04-29 07:28:33.636209 : kjbcrc[0x15c91.1 76896.0][9] 2012-04-29 07:28:33.636228 : GSIPC:GMBQ: buff 0xba0e5d50, queue 0xbb79f278, pool 0x60013fa0, freeq 1, nxt 0xbb79f278, prv 0xbb79f278 2012-04-29 07:28:33.636244 : kjbmscrc(0x15c91.1)seq 0x3 reqid=0x1d(shadow 0xb4bb4458,reqid x1d)mas@2(infosz 200)(direct 1) 2012-04-29 07:28:33.636252 : kjbsentscn[0x0.12bbc4][to 2] 2012-04-29 07:28:33.636358 : GSIPC:SENDM: send msg 0xba0e5dc0 dest x20001 seq 24029 type 32 tkts xff0000 mlen x17001a0 2012-04-29 07:28:33.636861 : GSIPC:KSXPCB: msg 0xba0e5dc0 status 30, type 32, dest 2, rcvr 1 *** 2012-04-29 07:28:33.637 kclwcrs: wait=0 tm=865 *** 2012-04-29 07:28:33.637 kclwcrs: got 1 blocks from ksxprcv WAIT #140444682869592: nam='gc cr block 2-way' ela= 865 p1=1 p2=89233 p3=1 obj#=76896 tim=1335698913637294 2012-04-29 07:28:33.637356 : kjbcrcomplete[0x15c91.1 76896.0][0] 2012-04-29 07:28:33.637374 : kjbrcvdscn[0x0.12bbc4][from 2][idx 2012-04-29 07:28:33.637389 : kjbrcvdscn[no bscn <= rscn 0x0.12bbc4][from 2] *** 2012-04-29 07:28:33.637 kclwcrs: req=0 typ=cr(2) wtyp=2hop tm=865 ???, “SELECT * FROM TEST”??????’gc cr block 2-way’??:2012-04-29 07:28:33.637374 : kjbrcvdscn[0x0.12bbc4][from 2][idx 2012-04-29 07:28:33.637389 : kjbrcvdscn[no bscn ??Foreground Process? Remote LMS??got?? SCN=1227716 Version?CR, ??? ?????X$BH ?????scn??? ??????????Instance 1????2?SCN???CR?, ???????????Instance 1 Buffer Cache?? ??SCN Version ???CR ??????? ?????????: SQL> alter system set "_enable_minscn_cr"=false scope=spfile; System altered. SQL> alter system set "_db_block_max_cr_dba"=20 scope=spfile; System altered. SQL> startup force; ORA-32004: obsolete or deprecated parameter(s) specified for RDBMS instance ORACLE instance started. Total System Global Area 1570009088 bytes Fixed Size 2228704 bytes Variable Size 989859360 bytes Database Buffers 570425344 bytes Redo Buffers 7495680 bytes Database mounted. Database opened. ???? “_enable_minscn_cr”=false ? “_db_block_max_cr_dba”=20 ???RAC????, ??????: ?Instance 2 Session C ?update??????? ?????Instance 1 ????? ,????Instance 1?Request CR SQL> update test set id=id+1 where id=2; -- Instance 2 1 row updated. SQL> select * From test; -- Instance 1 ID ---------- 1 2 ??? Instance 1? X$BH?? select state,cr_scn_bas from x$bh where file#=1 and dbablk=89233 and state!=0;  STATE CR_SCN_BAS ---------- ---------- 3 1273080 3 1273071 3 1273041 3 1273039 8 0 SQL> update test set id=id+1 where id=3; 1 row updated. SQL> select * From test; ID ---------- 1 2 SQL> select state,cr_scn_bas from x$bh where file#=1 and dbablk=89233 and state!=0; STATE CR_SCN_BAS ---------- ---------- 3 1273091 3 1273080 3 1273071 3 1273041 3 1273039 8 0 ................... SQL> select state,cr_scn_bas from x$bh where file#=1 and dbablk=89233 and state!=0; STATE CR_SCN_BAS ---------- ---------- 3 1273793 3 1273782 3 1273780 3 1273769 3 1273734 3 1273715 3 1273691 3 1273679 3 1273670 3 1273643 3 1273635 3 1273623 3 1273106 3 1273091 3 1273080 3 1273071 3 1273041 3 1273039 3 1273033 19 rows selected. SQL> select state,cr_scn_bas from x$bh where file#=1 and dbablk=89233 and state!=0; STATE CR_SCN_BAS ---------- ---------- 3 1274993 ????? ???? “_enable_minscn_cr”(enable/disable minscn optimization for CR)=false ? “_db_block_max_cr_dba”=20 (Maximum Allowed Number of CR buffers per dba) 2? ??? ????? Instance 1 ??????????? ?? 19????CR?? “_enable_minscn_cr”?11g??????????,???Oracle????CR????SCN,?Foreground Process Receive????????????(SCN??)?SCN Version CR Block??????CBC?? SCN??????CR? , ?????????Buffer Cache??????? ????SCN Version?CR????,????? ?????????? ?????Snap_Scn ?? SCN?? ?????????Current SCN, ??????CR??????????????????????, ????Buffer Cache? ?????????? CR?????????, ?????? “_db_block_max_cr_dba” ???????, ???????????20 ,??????Buffer Cache?????19????CR?; ???”_db_block_max_cr_dba” ???????6 , ?????Buffer cache????????CR ???????6?? ??”_enable_minscn_cr” ??CR???MINSCN ??????, ?????????CR???????, ????? Foreground Process??????CR Request , ?? Holder Instance LMS ?build?? BEST CR ??, ?????????

  Read the article

• DNS issue for internal website routing internet connection from remote location

  - by Michael Paul

  I have an issue that I could use some help with. Our company has a main location and a remote location. Previously, the remote location was connected to the main location through an internet connection VPN tunnel. The connection was pitifully slow at 1.5Mbps, so we upgraded it with a 75Mbps direct link. That meant the remote location lost it's internet access, so we routed their access through the main office internet connection. Everything works perfect except for one thing. The website we host is not accessible from the remote location unless the IP address is used. If I do NSLOOKUP on our website address from a machine connected to the main location network, it resolves correctly to the inside IP address. However, if I do the same from a remote location machine, it resolves to the website's outside IP address. Our internal DNS server(s) have a pointer and CNAME records set up, and everything was working perfectly before the connection was upgraded. In addition, the remote location has a domain controller, DNS server and DHCP server to service these requests at the remote location and prevent these requests from getting routed back and forth over the link. So I think was it happening is that for some reason the DNS server at the remote location is not resolving our website name correctly and passing the requests on to the routers, which then push the request out to the internet DNS system. That resolves the name to our external IP. This is purely a DNS issue, everything else works just fine. I am just stumped on this one. Any ideas on how to fix this? Edit: I forgot to mention that at the remote side of the link is a Cisco ASA-5505 and at the main office there is a Cisco ASA-5510. The link is connected between these 2 devices and the routing is handled in the 5510. Thanks, Michael

  Read the article

• LDAP: Extend database using referral

  - by ecapstone

  My company uses an off-site LDAP server to handle authentication. I'm currently working on a local VPN for my branch that needs to use the off-site LDAP to check user's usernames and passwords, but I don't want every employee to have access to the VPN - I need to be able to control whether users can authenticate with the off-site LDAP based on whether they're allowed to use the VPN. My current solution involves having our own local LDAP server, which has a referral to the off-site server (I got most of my information from here: http://www.zytrax.com/books/ldap/ch7/referrals.html). This means that when local users try to check their credentials with the local server, it redirects them to the off-site server, which checks the credentials. This works for authentication, but not for authorization. It would be easiest to add a vpn_users group or is_vpn_user attribute on the off-site server, but, well, that's above my pay grade. Is there any way I can use the local server to control whether users have access to the VPN without needing to change the off-site server? If I could somehow use it to have a local vpn_users group without the users in it having to be located on the local server, that would probably work, but I have no idea how to set that up or if LDAP even supports such a configuration. For reference, I'm using the openvpn-auth-ldap (https://code.google.com/p/openvpn-auth-ldap/) plugin.

  Read the article

• Securely executing system commands as sudo from PHP

  - by Aydin Hassan

  Is it possible? I have written a command line tool in PHP for creating new environments for our company. It creates system users, directories, databases, VHosts and restarts apache, amongst other things. These commands require sudo privileges. I thought it might be a nice idea to have a web-interface for it, to make it easier for other non-developers to use. The web app would be behind authentication. When running from the command line I just run sudo tool.php, obviously I can't do this from a web app. How could I do this securely? Giving the apache user sudo access seems silly, as this would means all sites hosted on the box (eg all our environments) would have sudo access. Is it possible to make this tool run under a different user? this user could have sudo privileges for only the commands I need? How do things like plesk and cPanel do this? Any thoughts?

  Read the article

• Can't login to phpMyAdmin on a WAMP server running Windows 2008

  - by Richard West

  I am setting up a new server. I have installed Apache 2.2.17, PHP 5.3.3, MySQL 5.1.53 and phpMyAdmin 3.3.8 running on a Windows 2008 (32 bit) OS. I have configured Apache and PHP so they appear to be working fine. I have created the standard test php page with the following code and everything appears to be working fine. <?php //index.php phpinfo(); ?> I also see the mySQL and mySQLi section in the above webpage, so it appears that that I have the proper extensions loaded for mySQL access. The problem that I am having centeres around myPHPAdmin. I have this installed and I can access to the login screen at http://localhost/pma I login using "root" and the password I have setup for root. After a delay of 30 seconds or so the web page goes to a blank screen, and the url is now http://localhost/pma/index.php?token= No error is ever displayed - however nothing usable is either. I have confirmed that mySQL is running by going to the command line and logging into mySQL from there. I have double checked my configuration but I am not having any luck getting this to work. I have also disabled the Windows firewall, but that did not change anything. I installed mySQL using the standard port 3306. Any advice would be greatly appreciated.

  Read the article

• Valid IP address but can't surf without rebooting

  - by Kat

  I periodically lose internet and router connection at home. When this happens, others are using the router just fine. I am connecting directly through a wired connection to a Belkin router. I can release and renew the IP (and the IP addresses change to 0.0.0.0 and to an IP in my router's range beginning with 192.168.2. as they should) but still can't surf, can't access the router interface. Cycling the router doesn't help, and again, others are able to access the router fine at this time. Only rebooting the computer resolves the issue, and everything is wonderful for a few hours- and then I lose connection again. I have several ideas where to go from here, but I'd like to get some advice first. (Using Windows XP SP3, hardwired connection) Update As stated in the originally, releasing and renewing doesn't solve the issue. However, I have an update. I can ping localhost and my router IP with no problem at all when the issue occurs. However, repairing the network connection does not help. I AM able to get back on by disabling and then re-enabling the network connection in XP. What does that tell us?

  Read the article

• Microsoft Windows DHCP: Steering IPv4 clients into specific scopes based on MAC

  - by Easter Sunshine

  We have visitors on our campus who bring their own laptops and devices and use our wireless and wired networks. When we receive a copyright infringement notice (typically BitTorrenting), we are required to quarantine that MAC address so that it no longer has Internet access. No matter what website it tries to visit, it is sent to a web page explaining to the user that the device has been quarantined. We have thus far implemented this in ISC DHCP on Linux. We have multiple VLANs with one or more public-IP subnets and one RFC1918 quarantine subnet each. All clients are leased IPs in the public-IP subnet(s) unless you're in a list of known bad MACs. Then, you are sent to the quarantine subnet so that your traffic is unroutable on the Internet (you are isolated by subnet only, not by VLAN). We would like to move to Windows DHCP in light of the IPAM role but I cannot figure out how to replicate this in Windows DHCP 2012 (Assign DHCP IPs for specific MAC prefixes on Windows Server 2008 R2 suggests it was not possible in 2008 R2), even while using policies. So here's what I'd like: The administrator/help desk provides and maintains a list of MAC addresses that are to be quarantined. The DHCP server places those MACs into the quarantine subnet on the respective VLAN, no matter which VLAN the client is in. I don't think reservations would work: We currently have about 300 registered bad MACs and about 12 VLANs. I don't want to make 300 x 12 reservations nor have to add 12 reservations per new MAC address. Not to mention all of the quarantine subnets are /24s. We do not have NPS/NAC. You do not have to register your MAC address get network access. We use Cisco routers/switches. Thanks.

  Read the article

• Cacti is ignoring hash marks in interface aliases

  - by Matt Simmons

  I'm attempting to set up Cacti to monitor a router's interfaces, and I'm having trouble getting the graph templates to show the information that I'd like. Our interface configuration looks like this: interface GigabitEthernet3/6 description WalljackNumber # Server info no ip address no shutdown switchport switchport access vlan 116 switchport mode access ip dhcp snooping trust spanning-tree portfast The "Server Info" string is really just the machine name, and a short relevant description, such as "PolarSprings vmnic2". The important part appears to be that it follows the hashmark. When I run snmpwalk, I get the proper output: IF-MIB::ifAlias.230 = STRING: WalljackNumber # Server info But in Cacti, when I go into the graph templates and set the title to this: |host_description| - Traffic - |query_ifName| (|query_ifAlias|) All that shows up in the graph is: switchname - Traffic - Gi3/6 (WalljackNumber #) Which strikes me as a little weird. What I suppose MAY be happening is that somewhere in the cacti stream, it's interpreting # as being a comment and stripping everything after, but I'm not sure. I was hoping someone could tell me that this was a known documented behavior, or that I could change it in a setting that I wasn't aware of. The alternative answer is to change the delimiter from # to something else, but I've got over a thousand lit switchports on an old college infrastructure, and I'm not sure what else might be relying on them.

  Read the article

• How to prevent samba from holding a file lock after a client disconnects?

  - by Jean-Francois Chevrette

  Here I have a Samba server (Debian 5.0) thats is configured to host Windows XP profiles. Clients connects to this server and work on their profiles directly on the samba share (the profile is not copied locally). Every now and then, a client may not shutdown properly and thus Windows does not free the file locks. When looking at the samba locking table, we can see that many files are still locked even though the client is not connected anymore. In our case, this seems to occur with lockfiles created by Mozilla Thunderbird and Firefox. Here's an example of the samba locking table: # smbstatus -L | grep DENY_ALL | head -n5 Pid Uid DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 15494 10345 DENY_ALL 0x3019f RDWR EXCLUSIVE+BATCH /home/CORP/user1 app.profile/user1.thunderbird/parent.lock Mon Nov 22 07:12:45 2010 18040 10454 DENY_ALL 0x3019f RDWR EXCLUSIVE+BATCH /home/CORP/user2 app.profile/user2.thunderbird/parent.lock Mon Nov 22 11:20:45 2010 26466 10056 DENY_ALL 0x3019f RDWR EXCLUSIVE+BATCH /home/CORP/user3 app.profile/user3.firefox/parent.lock Mon Nov 22 08:48:23 2010 We can see that the files were opened by Windows and imposed a DENY_ALL lock. Now when a client reconnects to this share and tries to open those files, samba says that they are locked and denies access. Is there any way to work around this situation or am I missing something? Edit: We would like to avoid disabling file locks on the samba server because there are good reasons to have those enabled.

  Read the article

• Suspected brute force attack

  - by HarveySaayman

  Recently I acquired a dedicated server from a local ISP to play around with. As the tags suggest, its a windows server 2008 R2 machine. I've only had it for a few days, and no real traffic is going to it yet. I haven't even deployed a "real" website to it yet. Just a silly page so that I could check IIS, my host headers, DNS records, etc are all configured correctly. While playing around, I noticed a ton of Audit Failure entries in the event viewers security logs. It seems something is trying to access the administrator account, and failing. It smells like a brute force attack to me. My ISP gave me the account details of the administrator account and I used those to RDP into the box, which I've heard is not the securest of situations. I created myself another account and added myself to the administrator group, so im using that account to gain acceess to the machine now. In response to all of this i used http://strongpasswordgenerator.com/ to generate me some 20 character length strong passwords and changed all of my account passwords, even the SQL sa user. I also enabled the auto ban feature of FileZillaServer (my FTP server) My questions: 1) how can i detect this kind of thing better? 2) how can i protect my server from unauthorized access better? PS: I'm a software dev, not a sysadmin so please mind my server security idiot-ness-ness

  Read the article

• How to bypass vpn talking to VMWare Guest?

  - by marc esher

  Greetings. Network/VPN n00b question here. I'm running VMWare Workstation with a Guest Windows 2003 Server. It has SQL Server 2000 installed. The sole purpose for this Guest is to house SQL Server... it needn't have internet access or access to any other resources on the network other than the host. When launch Check Point VPN software, the host routes through the company network before it connects to the guest ... i.e. it's no longer a direct connection. I assume this is just how things are supposed to work. However, what's happening is that the connection between my host and the SQL Server instance on the guest intermittently drops. It's not consistent, and some databases on the server will be responsive while others aren't. It appears that the databases with the most traffic on the guest (the ones I'm hitting with load tests) are the ones that become intermittently unresponsive. This problem only manifests when VPN is on; when it's off, I can pound away on this database with no troubles. Thanks for any advice!

  Read the article

• simple apache2 reverse proxy setup not working

  - by Nick

  I know what proxy is (very high level), it's just I have never set up one, and it feels like I might be missing some big fat point here. My setup: client server (static IP), runs apache on port 80 proxy (has 2 network cards, one is on the clients network, the other one with a static IP on the server network), runs apache on port 80 I am trying to configure these three machines so that when client requests: http://proxy/machine1 It gets served server's pages at server root URL, i.e. http://server/ I can access client pages just fine. However, when I try accessing a page from the client machine, it simply gets redirected to server's IP address, which it clearly can't access since they are not on the same network: ... <meta http-equiv="REFRESH" content="0;url=http://server/machine1"></meta> <title>Redirect</title> ... My apache2 config is: LoadModule proxy_module /modules/mod_proxy.so LoadModule proxy_http_module /modules/mod_proxy_http.so ProxyRequests off <Proxy *> Order Allow,Deny Allow from all </Proxy> ProxyPass /machine1 http://server:80 <Location /machine1> ProxyPassReverse / </Location> What gives? Thanks!

  Read the article

• Campus VLAN Segmentation - By OS?

  - by Moduspwnens

  We've been thinking through re-arranging our network and VLAN configuration. Here's the situation. We already have our servers, VoIP phones, and printers on their own VLANs, but our problem lies with end user devices. There are just too many to lump on the same VLAN without being hammered with broadcasts! Our current segmentation strategy has them split into VLANs like this: Student iPads Staff iPads Student Macbooks Staff Macbooks Gaming devices Staff (Other) Student (Other) *Note that our network has many more iPads and MacBooks than most. Since the primary reason we're splitting them is just to put them in smaller groups, this has been working for us (for the most part). However, this required our staff to maintain access control lists (MAC addresses) of all devices belonging in these groups. It also has the unfortunate side effect of illogically grouping broadcast traffic. For example, using this setup, students on opposite ends of campus using iPads will share broadcasts, but two devices belonging to the same user (in the same room) will likely be on completely separate VLANs. I feel like there must be a better way of doing this. I've done a lot of research and I'm having trouble finding instances of this kind of segmentation being recommended. The feedback on the most relevant SO question seems to point toward VLAN segmentation by building/physical location. I feel like that makes sense because logically, at least among miscellaneous end users, broadcasts will typically be intended for nearby devices. Are there other campuses/large-scale networks out there segmenting VLANs based on end-system OS? Is this a typical configuration? Would VLAN segmentation based on physical location (or some other criteria) be more effective? EDIT: I've been told that we will soon be able to dynamically determine device OS without maintaining access lists, although I'm not sure how much that affects the answers to the questions.

  Read the article

• Setup Version Control on Dreamweaver

  - by John Isaacks

  I have a win computer on the Network called WIN2K8FS1 I have TortoiseSVN on a win computer and when I go to checkout a repository with Tortoise it asks me for the URL of the repository. I put in: file://WIN2K8FS1/Media/SVN_repo And it creates the working copy. I am trying to setup Dreamweaver CS5 to work with subversion. I create a new site and I go to the Version Control tab and it asks for a lot if info. First is Access. I choose Subversion since that is the only option Second is Protocol. Not sure which I need so I go with HTTP? Third is Server Address. I am assuming this is the name of the computer with the repository so I put in \\WIN2K8FS1\ Fourth is Repository Path. I put in /Media/SVN_repo Fifth is Port which I leave default to 80 Then it asks for user name and password. I never set one up for anything so I put in my domain username and password. I click test and it tells me: Server and project are not accessible! I am not sure what I am doing wrong. I am not the server admin but I did create the repository and have access to it via Tortoise. So I am not sure what I am doing wrong in Dreamweaver.

  Read the article

• How to route to a secondary interface on the same physical ethernet?

  - by sjose3612611

  INTERNET<->(wan)BRIDGED_DEVICE(lan)<->ETH_ROUTER<->LAN Problem: Need to access web server on BRIDGED_DEVICE's LAN from INTERNET via ROUTER (BRIDGED_DEVICE's web server cannot be accessed form INTERNET since it has no Public management IP). Cannot configure bridged device. It has a static IP on its LAN to which its web server binds. Attempt: Create a secondary/alias WAN Interface on ETH_ROUTER (e.g Primary: eth0.1 (for internet access) and Secondary: eth0.2 (for accessing web server on BRIDGED_DEVICE), (No VLANs). eth0.1 has a public IP; eth0.2 has a static private IP in the BRIDGED_DEVICE's subnet (e.g 10.0.X.Y). Iptables on ETH_ROUTER: Added a port forward (DNAT) from eth0.1 to eth0.2: iptables -t nat -I PREROUTING -i eth0.1 -p tcp --dport 80 -j DNAT --to-destination 10.0.X.Y iptables -t nat -I POSTROUTING -o eth0.2 -s 10.0.X.0/24 -j MASQUERADE Stateful firewall w/ overall drop policy on FORWARD chain, hence: iptables -I FORWARD -i eth0.1 -d 10.0.X.Y -p tcp --dport 80 -j ACCEPT Can ping from ETH_ROUTER to BRIDGED_DEVICE but unable to reach the web server from Internet. I see packet cont increasing for the DNAT rule but not sure where it disappears in the ETH_ROUTER after that. ETH_ROUTER is the only device that can be configured to achieve this. If familiar with this scenario, please suggest what I may be missing or doing wrong here or suggest techniques to debug?

  Read the article

• IIS URl Rewrite working inconsistently?

  - by Don Jones

  I'm having some oddness with the URL rewriting in IIS 7. Here's my Web.config (below). You'll see "imported rule 3," which grabs attempts to access /sitemap.xml and redirects them to /sitemap/index. That rule works great. Right below it is imported rule 4, which grabs attempts to access /wlwmanifest.xml and redirects them to /mwapi/wlwmanifest. That rule does NOT work. (BTW, I do know it's "rewriting" not "redirecting" - that's what I want). So... why would two identically-configured rules not work the same way? Order makes no different; Imported Rule 4 doesn't work even if it's in the first position. Thanks for any advice! EDIT: Let me represent the rules in .htaccess format so they don't get eaten :) RewriteEngine On # skip existing files and folders RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] # get special XML files RewriteRule ^(.*)sitemap.xml$ /sitemap/index [NC] RewriteRule ^(.*)wlwmanifest.xml$ /mwapi/index [NC] # send everything to index RewriteRule ^.*$ index.php [NC,L] The "sitemap" rewrite rule works fine; the 'wlwmanifest' rule returns a "not found." Weird.

  Read the article

• Offline copies in Windows file sharing

  - by netvope

  I frequently access media files (music or video) on a remote Windows file share. My Internet connection is not very fast, and I find it a waste of bandwidth when I repeatedly access the same files. For example, I may listen to the same song 30 times in a month. So, I would like to cache files I've used. I know Windows has an "Always available offline" feature but I think it doesn't suit my needs. I don't want to make the whole share "available offline" as the remote Windows file share is huge (in terabytes). Making individual files "available offline" is tedious as the files are scattered in many different directories. It would be much more convenient if I can simply cache those I've used. Also The files on the share seldom change. Many of the files are rarely used. Some of the files are frequently used. I don't have a list of the most frequently used files. So I think the best way is to have a caching proxy for the Windows share. What do you think? I have a Linux box sitting around. Perhaps I should try to setup samba4?

  Read the article

• Password Protect XML-RPC

  - by Terence Eden

  I have a service running on a server which I want to access via XML-RPC. I've installed all the necessary bits. Within /etc/apache2/httpd.conf I have the single line SCGIMount /RPC2 127.0.0.1:5000 I can run xmlrpc commands from my server - and any server which connects to /RPC2. What I want to do is password protect the directory to stop unauthorised usage. Within /etc/apache2/httpd.conf I've added <Location /RPC2> AuthName "Private" AuthType Basic AuthBasicProvider file AuthUserFile /home/me/myhtpasswd Require user me </Location> Trying to access /RPC2 brings up the "Authorization Required" box and it accepts my username and password. However, xmlrpc now doesn't work! If I run xmlrpc localhost some_command on my server, I get the error Failed. Call failed. HTTP response code is 401, not 200. (XML-RPC fault code -504) Is there any way I can password protect my /RPC2 directory and have xmlrpc commands work?

  Read the article

• Debian - Secure system from current administrator

  - by netadmin

  Hello, I am the Network and Systems Administrator in an organization of just under 500 users. We have a number of Windows Servers, and that is certainly my area of expertise. We also have a very small handful of Debian servers. We are about to terminate the sysadmin of these Debian systems. Short of powering down the systems, I would like to know how I can ensure that the previous admin does not have control of these systems in the future, at least until we hire a replacement linux sysadmin. I have physical/virtual-console access to each of the systems, so I can reboot them in various user-modes. I just don't know what to do. Please assume that I do not currently have root access to all of these systems (an oversight on my part that I now recognize.) I have some experience in Linux, and use it on my desktop on a daily basis, but I must admit that I am a competent user of linux, not a systems admin. I have no fear of the command line however.... Is there a list of steps that one should take to "secure" a system from somebody else? Again, I assure you that this is legit, I am re-taking control of my employer's systems, at the request of my employer. I hope to not have to shut the systems down permanently and still be reasonably certain that they are secure. Thanks for your time.

  Read the article

• Why am I unable to reach local network computers, but able to browse the web?

  - by Igor Zinov'yev

  I have a weird problem. Today after turning my Ubuntu 9.10 PC on I can't connect to my local network, but I can use the Internet. We have a single Windows 2003 server machine that acts as a local main DNS server, DHCP server and a domain controller. Although it seems to give me the local IP address, I can not ping it, as well as any other machine on the net. I have tried all of the below and it didn't help: Rebooting; Reconnecting to the network; Forcing the dhclient to renew the IP address; Deleting and creating new connection profiles; Plugging my machine into another network outlet; Maybe it has something to do with routing, because I have tampered with routing tables the day before, but the tables seem ok to me: $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 vboxnet0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 Our LAN uses a D-Link DI-604 router, and it looks to me as if I am connected to the network outside the router. I can not even access its administration page. Please at least suggest what I can do to solve this. P.S. What seems strangest to me is that I can access the PC in question from outside the network by opening a port on the router. I have managed to ssh to it from outside, but I still can't ping nothing on the inside. P.P.S Today I tried reinstalling network-manager with --purge option, but it did no good. After that I created a new DCHP reservation for my PC in order to change my local IP, but that didn't change anything either. My PC is able to get a DHCP offer, but then it's unable to connect to any local computers. I am desperate.

  Read the article

• Remote search system for samba shares

  - by fostandy

  I have several shares residing on a samba server in a small business environment that I would like to provide search facilities for. Ideally this would be something like google desktop with some extra features (see below), but lacking this the idea is to take what I can get, or at least get an idea for what is out there. Using google desktop search as a reference model, the principle additional requirement is that it is usable from clients over the network. In addition there are some other notes (note that none of these are hard requirements) The content is always files, residing on a single server, accessible from samba shares. Standard ms office document fare Also a lot of rars and zips which it is necessary to search inside. Permissions support, allowing for user-based control to reflect current permission access in samba shares. The userbase will remain fairly static, so manual management of users is fine. majority of users will be Windows based I know there are plenty of search indexers out there: beagle and tracker seem to be the most popular. Most do not seem to offer access control and web-based/remote search does not seem to be high priority. I've also seen a recent post on the samba mailing list asking for pretty much the exact same thing. (They mention a product called IBM OmniFind Yahoo! Edition and while their initial reception seems positive, I am pretty skeptical. RHEL 4? Firefox 2? Updated much?) edit: similar question here What else is out there? Are you in a similar situation? What do you use?

  Read the article

• Can't create add a SQL Server user: The login already has an account under a different user name.

  - by Zian Choy

  Environment: SQL Server 2005 Express Windows 7 When I installed SQL Server, I followed the instructions at http://msdn.microsoft.com/en-us/library/aa905868.aspx to set my computer's admin account as the SQL Server admin. However, when I try to access a database on my computer through Visual Studio 2008, I get the following error message: --------------------------- Microsoft Visual Studio --------------------------- The database 'Parkinsons' does not exist or you do not have permission to see it. Would you like to attempt to create it? --------------------------- Yes No --------------------------- Then, if I go to SQL Server and add a user to that database, I get the following error message: TITLE: Microsoft SQL Server Management Studio Express ------------------------------ Create failed for User 'zian'. (Microsoft.SqlServer.Express.Smo) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+User&LinkId=20476 ------------------------------ ADDITIONAL INFORMATION: An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo) ------------------------------ The login already has an account under a different user name. (Microsoft SQL Server, Error: 15063) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.4053&EvtSrc=MSSQLServer&EvtID=15063&LinkId=20476 ------------------------------ BUTTONS: OK ------------------------------ Why doesn't VS piggy back on the dbo account? If the dbo account is unusable, then why won't SQL Server let me make an account so that I can access my own data?

  Read the article

< Previous Page | 539 540 541 542 543 544 545 546 547 548 549 550  | Next Page >