Search Results

Search found 3366 results on 135 pages for 'openvpn auth ldap'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 64/135 | < Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >

  • How a password is transmited to AD Server

    - by erdogany
    My question is how ADSI performs SetPassword operation. According to what I have read ADSI is a COM interface and it has more capabilities than AD provides through LDAP. While you are suppose to update unicodePwd attribute of a personaccount entity through LDAP, ADSI provides you SetPassword call. I know that ADSI & AD provides Kerberos during authentication. So how the password is transmitted to server when SetPassword is called? Is it raw binary unencrypted data? Or does Kerberos comes into play at this call?

    Read the article

  • How to get rid of messages addressed to not existing subdomains?

    - by user71061
    Hi! I have small problem with my sendmail server and need your little help :-) My situation is as follow: User mailboxes are placed on MS exchanege server and all mail to and from outside world are relayed trough my sendmail box. Exchange server ----- sendmail server ------ Internet My servers accept messages for one main domain (say, my.domain.com) and for few other domains (let we narrow it too just one, say my_other.domain.com). After configuring sendmail with showed bellow abbreviated sendmail.mc file, essentially everything works ok, but there is small problem. I want to reject messages addressed to not existing recipients as soon as possible (to avoid sending non delivery reports), so my sendmail server make LDAP queries to exchange server, validating every recipient address. This works well both domains but not for subdomains. Such subdomains do not exist, but someone (I'm mean those heated spamers :-) could try addresses like this: user@any_host.my.domain.com or user@any_host.my_other.domain.com and for those addresses results are as follows: Messages to user@sendmail_hostname.my.domain.com are rejected with error "Unknown user" (due to additional LDAPROUTE_DOMAIN line in my sendmail.mc file, and this is expected behaviour) Messages to user@any_other_hostname.my.domain.com are rejected with error "Relaying denied". Little strange to me, why this time the error is different, but still ok. After all message was rejected and I don't care very much what error code will be returned to sender (spamer). Messages to user@sendmail_hostname.my_other.domain.com and user@any_other_hostname.my_other.domain.com are rejected with error "Unknown user" but only when, there is no user@my_other.domain.com mailbox (on exchange server). If such mailbox exist, then all three addresses (i.e. user@my_other.domain.com, user@sendmail_hostname.my_other.domain.com and user@any_other_hostname.my_other.domain.com) will be accepted. (adding additional line LDAPROUTE_DOMAIN(my_sendmail_host.my_other.domain.com) to my sendmail.mc file don't change anything) My abbreviated sendmail.mc file is as follows (sendmail 8.14.3-5). Both domains are listed in /etc/mail/local-host-names file (FEATURE(use_cw_file) ): define(`_USE_ETC_MAIL_')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl OSTYPE(`debian')dnl DOMAIN(`debian-mta')dnl undefine(`confHOST_STATUS_DIRECTORY')dnl define(`confRUN_AS_USER',`smmta:smmsp')dnl FEATURE(`no_default_msa')dnl define(`confPRIVACY_FLAGS',`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl FEATURE(`use_cw_file')dnl FEATURE(`access_db', , `skip')dnl FEATURE(`always_add_domain')dnl MASQUERADE_AS(`my.domain.com')dnl FEATURE(`allmasquerade')dnl FEATURE(`masquerade_envelope')dnl dnl define(`confLDAP_DEFAULT_SPEC',`-p 389 -h my_exchange_server.my.domain.com -b dc=my,dc=domain,dc=com')dnl dnl define(`ALIAS_FILE',`/etc/aliases,ldap:-k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0)) -v mail')dnl FEATURE(`ldap_routing',, `ldap -1 -T<TMPF> -v mail -k proxyAddresses=SMTP:%0', `bounce')dnl LDAPROUTE_DOMAIN(`my.domain.com')dnl LDAPROUTE_DOMAIN(`my_other.domain.com ')dnl LDAPROUTE_DOMAIN(`my_sendmail_host.my.domain.com')dnl define(`confLDAP_DEFAULT_SPEC', `-p 389 -h "my_exchange_server.my.domain.com" -d "CN=sendmail,CN=Users,DC=my,DC=domain,DC=com" -M simple -P /etc/mail/ldap-secret -b "DC=my,DC=domain,DC=com"')dnl FEATURE(`nouucp',`reject')dnl undefine(`UUCP_RELAY')dnl undefine(`BITNET_RELAY')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`MAIL_HUB',` my_exchange_server.my.domain.com.')dnl FEATURE(`stickyhost')dnl MAILER_DEFINITIONS MAILER(smtp)dnl Could someone more experienced with sendmail advice my how to reject messages to those unwanted subdomains? P.S. Mailboxes @my_other.domain.com are used only for receiving messages and never for sending.

    Read the article

  • Security when, ssh Private keys are lost

    - by Shree Mandadi
    Cant explain my problem enough with words, Let me take an example.. and please multiple the complexity by a 100 for the Solution. User-A has two ssh private keys, and over time has used this public key on a number of servers He lost one of them, and has created a new pair. How does User-A, inform me (Sys Admin), that he has lost his key, and How do I manage all the servers to which he had access to (I do not have a list, of all Servers that User-A has access to). In other words, How do I recall, the public key associated with this Private key. REF: In the LDAP based Authentication, All Servers would communicate with a single Server repository for Authentication, and If I remove acess or modify the password on the Server, all Systems that use this LDAP for Authentication are secured, when User-A loses his password..

    Read the article

  • openldap proxied authorization

    - by bemace
    I'm having some trouble doing updates with proxied authorization (searches seem to work fine). I'm using UnboundID's LDAP SDK to connect to OpenLDAP, and sending a ProxiedAuthorizationV2RequestControl for dn: uid=me,dc=People,dc=example,dc=com with the update. I've tested and verified that the target user has permission to perform the operation, but I get insufficient access rights when I try to do it via proxy auth. I've configured olcAuthzPolicy=both in cn=config and authzTo={0}ldap:///dc=people,dc=example,dc=com??subordinate?(objectClass=inetOrgPerson) on the original user. The authzTo seems to be working; when I change it I get not authorized to assume identity when I try the update (also for searches). Can anyone suggest what else I should look at or how I could get more detailed errors from OpenLDAP? Anything else I can test to narrow down the source of the problem?

    Read the article

  • How can I transfer a logged in user's login data from one server to another?

    - by Martin
    I have one server "A" where users can login. Login is verified by an LDAP server "L". I have a different server "B" were users can log in, too. Login is verified by the same LDAP server as before. Both servers are standard web servers with PHP. My goal is: If a user is logged in to server "A", and if he clicks a link to log in to server "B", the user should automatically be logged in without re-entering username and password. What is a good and secure way to achieve this? I can't submit username and crypted password to server "B". I can't use the PHP session of server "A", because it does not exit on "B". Cookies won't work either. I think that there is a way, but I just can't see it. Any help is very much appreciated.

    Read the article

  • OpenLdap 2.4 on centos 6 doesn't listen on port 636

    - by Oliver Henriot
    I have an openldap 2.4 server on centos 6 whose confg I copied from those I have running under openldap 2.3 servers on centos 5 machines. On openldap 2.3, specifying TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile with correct values makes the server listen on port 636. This is not the case on the openldap 2.4 setup. I have configured it with loglevel -1 but I have not seen any clue as to what might be wrong and reading the openldap 2.4 manual doesn't indicate if any of the other TLS related parameters are now mandatory. I don't think so though because if I run the service manually, using "# /usr/sbin/slapd -u ldap -h "ldap:/// ldaps:/// ldapi:///"", the server does listen on port 636 and I can query it using "ldapsearch -H ldaps://myserver:636". Is there something I am missing to get the server to listen on port 636 without having to always launch it manually? Is this linked to centos 6 or openldap 2.4? Thank you. Cheers,

    Read the article

  • FreeBSD 9 (amd64) reboot/shutdown process is very slow

    - by nbari
    I have a Dell Poweredge 2900 III with FreeBSD 9 (amd64), the server uses mfi wich handles a raid10, I had to reboot the server, but notice that either when rebooting or shutting down the server, something is going wrong, besides taking to much time to reboot/shutdown, after rebooting I notice that that some ldap instances within some jails could'nt start and this was because the database was corrupted. This make me think that probably something was wrong with the disks or mfi card, but checking the disk array / logs everything seems to be working fine. My set up is something like this: Host server has the minimum base of FreeBSD 9 amd64, within I create some jails, the ones contain services like mysql, email, and some others ldap. With FreeBSD 7 and 8 I didn't notice this behavior but with FreeBSD 9 something is not working well. I did a clean installation of FreeBSD 9 and root filesystem is using ZFS. Attached is an image hoping some one can give me a hint of what to check or any kind of advice. reboot capture screen image

    Read the article

  • Restoring openldap configuration from ldif file?

    - by Solignis
    I am trying to restore my OpenLDAP server from an ldif file I made before it went horribly wrong. All of the websites I found talk about using slapadd but when I run slapadd -v -l ~ns01/openldap_config.ldif it returns the error Could not stat config file "/etc/ldap/slapd.conf" : No such file or directory (2) slapadd: bad configuration file! When I look in the directory indeed the file does not exist, but this is because Ubuntu 11.10 is running in RTC mode, my LDAP server uses the /etc/slapd.d/cn=config for the configuration. So? What am I missing? Is slapadd the wrong tool to use? As I said above I running on Ubuntu 11.10 server edition 64-bit.

    Read the article

  • Code that Worked with MultiView fails with Wizard ASP.NET

    - by davemackey
    I originally created a process that occurred by transitioning between views in a multiview and it worked fine. Now, I've moved this same code into a ASP.NET Wizard and it keeps throwing an error at the second step. The error is: Method 'System.Object AndObject(System.Object, System.Object)' has no supported translation to SQL. Any ideas why this would occur when moving the code into the wizard? I'm sure its something stupid, but I've checked over the code 3-4 times now and it appears identical operationally. Here is the code: ' Make sure we have the LDAP portion of the .NET Framework available. Imports System.DirectoryServices ' Allows us to interface with LDAP. Imports System.Data.Linq.SqlClient ' Allows us to use LINQ SQL Methods. Partial Public Class buildit Inherits System.Web.UI.Page Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load ' ******* Grab the LDAP info. for current user. Dim ID As FormsIdentity = DirectCast(User.Identity, FormsIdentity) Dim ticket As FormsAuthenticationTicket = ID.Ticket Dim adDirectory As New DirectoryEntry("LDAP://OU=[info],DC=[info],DC=[info],DC=[info]") ' We need to strip off @email.address from the ticket name, so we'll use substring to grab the first ' five characters. Dim adTicketID As String = ticket.Name.Substring(0, 5) Dim adEmployeeID As String adEmployeeID = adDirectory.Children.Find("CN=" & adTicketID).Properties("employeeID").Value ' ******* Lets make sure they have signed the housing contract and the community covenant. Dim dbContractSigs As New pcRoomOccupantsDataContext Dim pcContractSigs = From p In dbContractSigs.webContractSigs _ Where p.people_id = adEmployeeID _ Select p.res_contract, p.comm_life If pcContractSigs.Count.Equals(0) Then Response.Redirect("signcontract.aspx") Else Dim cs As String = pcContractSigs.First.res_contract.ToString Dim cos As String = pcContractSigs.First.comm_life.ToString If cs = "Y" And cos = "Y" Then ' We don't need to do anything. ' We use the else statement b/c there are multiple conditions that could occur besides "N" ' that would cause us to redirect to the signature page, whereas there is only one valid response - "Y". Else ' Redirect the individual to our contracts page. Response.Redirect("signcontract.aspx") End If End If ' ******* Now lets find out what gender that individual is. Dim dbIndividual As New pcPeopleDataContext Dim pcIndividual = From p In dbIndividual.PEOPLEs _ Join d In dbIndividual.DEMOGRAPHICs On p.PEOPLE_CODE_ID Equals d.PEOPLE_CODE_ID _ Where p.PEOPLE_ID = adEmployeeID _ Select p, d ' Make a session variable that will carry with the user throughout the session delineating gender. Session("sgender") = pcIndividual.First.d.GENDER.ToString ' Debug Code. ' Put a stop at end sub to get these values. ' Response.Write(adEmployeeID) End Sub Sub LinqDataSource1_Selecting(ByVal sender As Object, ByVal e As LinqDataSourceSelectEventArgs) ' Lets get a list of the dorms that are available for user's gender. Dim pcDorms As New pcDormsDataContext Dim selectedDorms = (From sd In pcDorms.PBU_WEB_DORMs _ Where IIf(Session("sgender").ToString = "M", sd.description = "Male", sd.description = "Female") _ Select sd.dorm_building).Distinct() e.Result = selectedDorms End Sub Public Sub Button_ItemCommand(ByVal Sender As Object, ByVal e As RepeaterCommandEventArgs) ' ******** Lets pass on the results of our query in LinqDataSource1_Selecting. Session("sdorm") = RTrim(e.CommandName) ' ******** Debug code. ' Response.Write(sDorm) End Sub Sub LinqDataSource2_Selecting(ByVal sender As Object, ByVal e As LinqDataSourceSelectEventArgs) ' ******** Get a list of rooms available in the dorm for user's gender. Dim pcDorms As New pcDormsDataContext Dim selectedDorm = (From sd In pcDorms.PBU_WEB_DORMs _ Where IIf(Session("sgender").ToString = "M", sd.description = "Male", sd.description = "Female") _ And sd.dorm_building = CStr(Session("sdorm")) _ Select sd.dorm_room) e.Result = selectedDorm End Sub Public Sub Button2_ItemCommand(ByVal Sender As Object, ByVal e As RepeaterCommandEventArgs) ' ******** Lets pass on the results of our query in LinqDataSource2_Selecting. Session("sroom") = RTrim(e.CommandName) End Sub Sub LinqDataSource3_Selecting(ByVal sender As Object, ByVal e As LinqDataSourceSelectEventArgs) ' ******** Grabs the individuals currently listed as residing in this room and displays them. Note the use of SqlMethods.Like ' for dorm_building, this is due to legacy issues where dorms sometimes have leading or trailing blank spaces. We could have ' also used Trim. Dim pcOccupants As New pcRoomOccupantsDataContext Dim roomOccupants = (From ro In pcOccupants.webResidents _ Where SqlMethods.Like(ro.dorm_building, "%" & CStr(Session("sdorm")) & "%") _ And ro.dorm_room = CStr(Session("sroom")) _ Select ro.person_name) e.Result = roomOccupants ' ******** Debug code. 'Response.Write(CStr(Session("sdorm"))) 'Response.Write(CStr(Session("sroom"))) End Sub Protected Sub Button4_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button4.Click ' ******** Reserve the room for a student. End Sub End Class

    Read the article

  • links for 2010-06-02

    - by Bob Rhubart
    @eelzinga: Oracle Service Bus 11g communication with Oracle SOA Suite 11g, DirectBindings, part1 Oracle ACE Erikc Elzinga launches a series of post in which he will describe how to develop various  Oracle Service Bus 11g to Oracle SOA Suite  process flows. (tags: oracle otn oracleace soa servicebus) @Atul_Kumar: Integrate UCM (ECM/Content Server) with Microsoft Active Directory as LDAP Provider Atul Kumar's step-by-step instructions. (tags: oracle otn enterprise2.0 ucm ecm ldap) Stefan Hinker: Is my application a good fit for CMT? "The first and most important criterion for suitability is always the service time of your application," says Stefan Hinker.  "If this is sufficient, then the application is OK on CMT. If it is not, and the reason is actually the CPU and not some other high-latency component (like a remote database), you will need to test on other CPU architectures." (tags: oracle sun cpu cmt sparc solaris) @deltalounge: Definitions of Services and Processes Peter Paul shares a collection of useful definitions gathered from the works of many of the big thinkers in the SOA space.  (tags: oracle otn soa businessprocess) OTN TechCast: Oracle Solaris Virtualization - Oracle Solaris Video Joost Pronk, CTO for Oracle Solaris Product Management, provides an overview of the robust virtualization functionality built into the Oracle Solaris OS. (tags: oracle otn solaris virtualization)

    Read the article

  • Setup for mounting kerberized nfs home directory - gssd not finding valid kerberos ticket

    - by janm
    Our home directories are exported via kerberized nfs, so the user needs a valid kerberos ticket to be able to mount its home. This setup works fine with our existing clients & server. Now we want to add some 11.10 client and thus set up ldap & kerberos together with pam_mount. The ldap authentication works and users can login via ssh, however their homes can not be mounted. When pam_mount is configured to mount as root, gssd does not find a valid kerberos ticket and the mount fails. Nov 22 17:34:26 zelda rpc.gssd[929]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' Nov 22 17:34:26 zelda rpc.gssd[929]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt2) Nov 22 17:34:26 zelda rpc.gssd[929]: process_krb5_upcall: service is '<null>' Nov 22 17:34:26 zelda rpc.gssd[929]: getting credentials for client with uid 0 for server purple.physcip.uni-stuttgart.de Nov 22 17:34:26 zelda rpc.gssd[929]: CC file '/tmp/krb5cc_65678_Ku2226' being considered, with preferred realm 'PURPLE.PHYSCIP.UNI-STUTTGART.DE' Nov 22 17:34:26 zelda rpc.gssd[929]: CC file '/tmp/krb5cc_65678_Ku2226' owned by 65678, not 0 Nov 22 17:34:26 zelda rpc.gssd[929]: WARNING: Failed to create krb5 context for user with uid 0 for server purple.physcip.uni-stuttgart.de Nov 22 17:34:26 zelda rpc.gssd[929]: doing error downfall When pam_mount is on the other hand configured with the noroot=1 option, then it cannot mount the volume at all. Nov 22 17:33:58 zelda sshd[2226]: pam_krb5(sshd:auth): user phy65678 authenticated as [email protected] Nov 22 17:33:58 zelda sshd[2226]: Accepted password for phy65678 from 129.69.74.20 port 51875 ssh2 Nov 22 17:33:58 zelda sshd[2226]: pam_unix(sshd:session): session opened for user phy65678 by (uid=0) Nov 22 17:33:58 zelda sshd[2226]: pam_mount(mount.c:69): Messages from underlying mount program: Nov 22 17:33:58 zelda sshd[2226]: pam_mount(mount.c:73): mount: only root can do that Nov 22 17:33:58 zelda sshd[2226]: pam_mount(pam_mount.c:521): mount of /Volumes/home/phy65678 failed So how can we allow users of a specific group to perform nfs mounts? If this does not work, can we make pam_mount use root but pass the correct uid?

    Read the article

  • Oracle Traffic Director – download and check out new cool features in 11.1.1.7.0 by Frances Zhao

    - by JuergenKress
    As Oracle's strategic layer-7 software load balancer product, Oracle Traffic Direct is fast, reliable, secure, easy-to-use and scalable; that you can deploy as the reliable entry point for all TCP, HTTP and HTTPS traffic to application servers and web servers in your network. The latest release Oracle Traffic Director 11.1.1.7.0 is available for ExaLogic and Database Appliance! For download and details please visit the Traffic Director OTN website. It this release, we have introduced some major new functionality and improvements. Web application firewall. Oracle Traffic Director supports web application firewalls. A web application firewall (WAF) is a filter or server plugin that applies a set of rules, called rule sets, to an HTTP request. Using a web application firewall, users can inspect traffic and deny requests to protect back-end applications from CSRF vulnerabilities and common attacks such as cross-site scripting. WebSocket Connections. Oracle Traffic Director handles WebSocket connections by default. WebSocket connections are long-lived and allow support for live content, games in real-time, video chatting, and so on. Support for LDAP/T3 Load Balancing. Oracle Traffic Director now supports basic LDAP/T3 load balancing at layer 7, where requests are handled as generic TCP connections for traffic tunneling. It works in full-NAT mode. Please download and try it out. For more information, check out the data sheet and the documentation. For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Wiki Technorati Tags: traffic director,WebLogic Community,Oracle,OPN,Jürgen Kress

    Read the article

  • How to prevent Network Manager from auto creating network connection profiles with "available to everyone" by default

    - by airtonix
    We have several laptops at work which use Ubuntu 11.10 64bit. I have our Wifi Access Point requiring WPA2-EAP Authentication (backed by a LDAP server). I have the staff using these laptops when doing presentations by using the Guest Account. So by default when you have a wifi card, network manager will display available Wireless Access Points. So the logical course of action for a Novice(tm) user is to single left click the easy to use option in the Network Manager drop down list... At this point the Staff Member (who is logged in with the guest account) expects to just be able to connect and enter any authentication details if required. But because they are using the Guest account, they won't ever have admin permissions (nor do I want them to), and so PolKit kicks in with a request for admin authorisation. I solved this part by modifying the PolKit permissions required to allow all users to create System Network Connections... However, because these Staff members are logging onto the Wifi Access Point with Ldap Credentials and because the Network Manager is now saving those credentials as a System Connection, their password is available for the next guest user session (because system connection profiles are stored in /etc/NetworkManager/system-connections.d/* ). It creates system connections by default because "Available to all users" is ticked by default when you quickly connect to a new wifi access point. I want Network Manager to not tick this by default. This way I can revert the changes I made to Polkit and users network connection profiles will be purged when they log out.

    Read the article

  • How to find connected hosts at network (vpn or lan)

    - by Javier Novoa C.
    Hello, I'm looking for possible solutions to the following need: I have a VPN configured (using openVPN over Linux, BTW), and I want to know at any moment which hosts are connected to it. I recognize that it probably is the same thing as trying to know which hosts are connected to a lan, so any of the solutions might do the job... The fact is that I once used a hamachi vpn on linux and with it I had the chance to know which hosts were connected to a particular network where I belonged, so I was wondering if something similar might be possible in openVPN (or even any VPN and/or any LAN). Preferably, I'm looking for opensource/free sw solutions, or maybe the hints to program it myself (in the most simple way if possible, not that I don't know how to program, but I'm trying to achieve this in a simple manner). But anyway, if there are no os/fsw solutions, any other one might do... Thanks a lot! Javier, Mexico city

    Read the article

  • Ubuntu 12.04 // Likewise Open // Unable to ever authenticate AD users

    - by Rob
    So Ubuntu 12.04, Likewise latest from the beyondtrust website. Joins domain fine. Gets proper information from lw-get-status. Can use lw-find-user-by-name to retrieve/locate users. Can use lw-enum-users to get all users. Attempting to login with an AD user via SSH generates the following errors in the auth.log file: Nov 28 19:15:45 hostname sshd[2745]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Nov 28 19:15:45 hostname sshd[2745]: PAM adding faulty module: pam_winbind.so Nov 28 19:15:51 hostname sshd[2745]: error: PAM: Authentication service cannot retrieve authentication info for DOMAIN\\user.name from remote.hostname Nov 28 19:16:06 hostname sshd[2745]: Connection closed by 10.1.1.84 [preauth] Attempting to login via the LightDM itself generates similar errors in the auth.log file. Nov 28 19:19:29 hostname lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Nov 28 19:19:29 hostname lightdm: PAM adding faulty module: pam_winbind.so Nov 28 19:19:47 hostname lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "DOMAIN\user.name" Nov 28 19:19:52 hostname lightdm: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:DOMAIN\user.name][error code:40022] Nov 28 19:19:54 hostname lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Nov 28 19:19:54 hostname lightdm: PAM adding faulty module: pam_winbind.so Attempting to login via a console on the system itself generates slightly different errors: Nov 28 19:31:09 hostname login[997]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Nov 28 19:31:09 hostname login[997]: PAM adding faulty module: pam_winbind.so Nov 28 19:31:11 hostname login[997]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:DOMAIN\user.name][error code:40022] Nov 28 19:31:14 hostname login[997]: FAILED LOGIN (1) on '/dev/tty2' FOR 'DOMAIN\user.name', Authentication service cannot retrieve authentication info Nov 28 19:31:31 hostname login[997]: FAILED LOGIN (2) on '/dev/tty2' FOR 'DOMAIN\user.name', Authentication service cannot retrieve authentication info I am baffled. The errors obviously are correct, the file /lib/security/pam_winbind.so does not exist. If its a dependancy/required, surely it should be part of the package? I've installed/reinstalled, I've used the downloaded package from the beyondtrust website, i've used the repository, nothing seems to work, every method of installing this application generates the same errors for me. UPDATE : Hrmm, I thought likewise didn't use native winbind but its own modules. Installing winbind from apt-get uninstalls pbis-open (likewise) and generates failures when installing if pbis-open is installed first. Uninstalled winbind, reinstalled pbis-open, same issue as above. The file pam_winbind.so does not exist in that location. Setting up pbis-open-legacy (7.0.1.918) ... Installing Packages was successful This computer is joined to DOMAIN.LOCAL New libraries and configurations have been installed for PAM and NSS. Clearly it thinks it has installed it, but it hasn't. It may be a legacy issue with the previous attempt to configure domain integration manually with winbind. Does anyone have a working likewise-open installation and does the /etc/nsswitch.conf include references to winbind? Or do the /etc/pam.d/common-account or /etc/pam.d/common-password reference pam_winbind.so? I'm unsure if those entries are just legacy or setup by likewise. UPDATE 2 : Complete reinstall of OS fixed it and it worked seamlessly, like it was meant to and those 2 PAM files did NOT include entries for pam_winbind.so, so that was the underlying problem. Thanks for the assist.

    Read the article

  • Desktop login fails, terminal works

    - by Tobias
    I have a freshly setup 12.04 LTS pc system (120 GB SSD, 1 TB HDD, 16 GiB RAM); since a few days, I can't login to the graphical desktop anymore: there is very short flashing shell window which disappears very quickly, and I'm confronted with the login screen again. I believe there is something about modprobe and vbox, but I can't read it fast enough ... I can login to a terminal (Ctrl+Alt+F1). It did not help to chown all contents of my home directory to me:my-group, like suggested here. This is what I could find in /var/log, grepping for the date and time (I inserted linebreaks after <my-hostname>; real time values preserved): auth.log: <date> 22:43:01 <my-hostname> lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "tobias" <date> 22:43:08 <my-hostname> lightdm: pam_unix(lightdm:session): session closed for user lightdm <date> 22:43:08 <my-hostname> lightdm: pam_unix(lightdm:session): session opened for user tobias by (uid=0) <date> 22:43:08 <my-hostname> lightdm: pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :0 <date> 22:43:08 <my-hostname> lightdm: pam_unix(lightdm:session): session closed for user tobias <date> 22:43:09 <my-hostname> lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0) <date> 22:43:09 <my-hostname> lightdm: pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :0 <date> 22:43:10 <my-hostname> lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "tobias" <date> 22:43:10 <my-hostname> dbus[756]: [system] Rejected send message, 2 matched rules; type="method_call", sender="1:43" (uid=104 pid=1639 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.15" (uid=0 pid=1005 comm="/usr/sbin/console-kit-daemon --no-daemon ") kern.log: <date> 22:43:00 <my-hostname> kernel: [ 16.084525] eth0: no IPv6 routers present syslog: <date> 22:43:00 <my-hostname> kernel: [ 16.084525] eth0: no IPv6 routers present <date> 22:43:01 <my-hostname> ntpdate[1492]: adjust time server 91.189.94.4 offset -0.162831 sec <date> 22:43:08 <my-hostname> acpid: client 969[0:0] has disconnected <date> 22:43:08 <my-hostname> acpid: client connected from 1553[0:0] <date> 22:43:08 <my-hostname> acpid: 1 client rule loaded I have Virtualbox and Truecrypt installed, but I can't think of a reason why they might prevent a graphical login. I'm confused: What is this about requirement "user ingroup nopasswdlogin" not met? I do login using a password, and the password works ok when logging in to a terminal! Can I somehow read the error output, e.g. by delaying it, redirecting it to a file, or having the system prompt me for pressing a key? Has possibly any recent update caused my problem? Should I install the pending updates? How, btw, without access to the graphical UI? I have some working knowledge about the Linux shell, but I'm new to Ubuntu. Any help would be appreciated.

    Read the article

  • ActionMailer and Exchange

    - by Jason Nerer
    Hello Community, I successfully send Mails via SMTP using my Rails App and my Postfix Server. Now I need to move to an Exchange: Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 that has POP3 and SMTP support enabled. I use actionmailer 1.2.5 and am not able to successfully login to the server while trying to send a mail. In case I use Mail.app sending and recieving works fine as long as I change the authentication schema to "Password". Checking the server looks like so: READ Nov 18 10:37:00.509 [kCFStreamSocketSecurityLevelNone] -- host:mail.my-mail-server-domain.com -- port:25 -- socket:0x11895cf20 -- thread:0x11b036a10 250-mail.my-mail-server-domain.com Hello [xxx.xxx.xxx.xxx] 250-TURN 250-SIZE 250-ETRN 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-8bitmime 250-BINARYMIME 250-CHUNKING 250-VRFY 250-X-EXPS GSSAPI NTLM LOGIN 250-X-EXPS=LOGIN 250-AUTH GSSAPI NTLM LOGIN 250-AUTH=LOGIN 250-X-LINK2STATE 250-XEXCH50 250 OK WROTE Nov 18 10:37:00.852 [kCFStreamSocketSecurityLevelNone] -- host:mail.my-mail-server-domain.com -- port:25 -- socket:0x11895cf20 -- thread:0x11b036a10 AUTH LOGIN READ Nov 18 10:37:01.848 [kCFStreamSocketSecurityLevelNone] -- host:mail.my-mail-server-domain.com -- port:25 -- socket:0x11895cf20 -- thread:0x11b036a10 235 2.7.0 Authentication successful. So authentication method :login seems to be properly supported. Now when it comes to my configuration for actionmailer it looks like so: ActionMailer::Base.server_settings = { :address => "mail.my-mail-server-domain.com", :port => 25, :domain => "my-mail-server-domain.com", :authentication => :login, :user_name => "myusername", :password => "mypassword" } And I get authentication errors over and over. I also tried to change :user_name => "my-mail-server-domain.com\myusername" :user_name => "my-mail-server-domain.com\\myusername" :user_name => "myusername/my-mail-server-domain.com" :user_name => "[email protected]" but nothing works. Can anyone help me? Regards. Jason

    Read the article

  • Laravel - public layout not needed in every function

    - by fischer
    I have just recently started working with Laravel. Great framework so far! However I have a question. I am using a layout template like this: public $layout = 'layouts.private'; This is set in my Base_Controller: public function __construct(){ //Styles Asset::add('reset', 'css/reset.css'); Asset::add('main', 'css/main.css'); //Scripts Asset::add('jQuery', 'http://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js'); //Switch layout template according to the users auth credentials. if (Auth::check()) { $this -> layout = 'layouts.private'; } else { $this -> layout = 'layouts.public'; } parent::__construct(); } However I get an error exception now when I try to access functions in my diffrent controllers, which should not call any view, i.e. when a user is going to login: class Login_Controller extends Base_Controller { public $restful = true; public function post_index() { $user = new User(); $credentials = array('username' => Input::get('email'), 'password' => Input::get('password')); if (Auth::attempt($credentials)) { } else { } } } The error I get, is that I do not set the content of the different variables in my public $layout. But since no view is needed in this function, how do I tell Laravel not to include the layout in this function? The best solution that I my self have come a cross (don't know if this is a bad way?) is to unset($this -> layout); from function post_index()... To sum up my question: how do I tell Laravel not to include public $layout in certain functions, where a view is not needed? Thanks in advance, fischer

    Read the article

  • Problem with messages framework in Django 1.2

    - by Konstantin
    Hello! I'm running Django 1.2 beta and trying out the new feature: message framework. http://docs.djangoproject.com/en/dev/ref/contrib/messages/ Everything seems to work, but when I try to output the messages, I get nothing. Seems that messages variable is empty. I double checked all the settings, they seem to be just like in the manual. What could be wrong? settings.py MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', #send messages to users 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', #debug tool 'debug_toolbar.middleware.DebugToolbarMiddleware', ) TEMPLATE_CONTEXT_PROCESSORS = ( 'django.contrib.messages.context_processors.messages', #send messages to users 'django.core.context_processors.auth', ) #Store messages in sessions MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'; INSTALLED_APPS = ( 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', #'django.contrib.sites', 'django.contrib.admin', 'django.contrib.messages', 'debug_toolbar', #my apps #... ) views.py def myview(request): from django.contrib import messages messages.error(request, 'error test'); messages.success(request, 'success test'); return render_to_response('mytemplate.html', locals()); mytemplate.html {% for message in messages %} {{ message }}<br /> {% endfor %} In template nothing is outputted.

    Read the article

  • Why my Google endpoint is always the same?

    - by joetsuihk
    always: https://www.google.com/accounts/o8/ud i got wordpress openid ok. so i think is is just discovery phase got some probelms.. <?php $ch = curl_init(); $url = 'https://www.google.com/accounts/o8/id'; $url = $url.'?'; $url = $url.'openid.mode=checkid_setup'; $url = $url.'&openid.ns=http://specs.openid.net/auth/2.0'; $url = $url.'&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select'; $url = $url.'&openid.identity=http://specs.openid.net/auth/2.0/identifier_select'; $url = $url.'&openid.return_to='.site_url().'/user/openid/login_callback'; $url = $url.'&openid.realm=http://www.example.com/'; // set url curl_setopt($ch, CURLOPT_URL, $url); //return the transfer as a string curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER,array("Accept: */*")); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // $output contains the output string $xdr = curl_exec($ch); if (!$xdr) { die(curl_error($ch)); } // close curl resource to free up system resources curl_close($ch); $xml = new SimpleXMLElement($xdr); $url = $xml->XRD->Service->URI; $request = $connection->begin($url); $request always null...

    Read the article

  • Django "login() takes exactly 1 argument (2 given)" error

    - by Oleksandr Bolotov
    I'm trying to store the user's ID in the session using django.contrib.auth.login . But it is not working not as expected. I'm getting error login() takes exactly 1 argument (2 given) With login(user) I'm getting AttributeError at /login/ User' object has no attribute 'method' I'm using slightly modifyed example form http://docs.djangoproject.com/en/dev/topics/auth/ : from django.shortcuts import render_to_response from django.contrib.auth import authenticate, login def login(request): msg = [] if request.method == 'POST': username = request.POST['u'] password = request.POST['p'] user = authenticate(username=username, password=password) if user is not None: if user.is_active: login(request, user) msg.append("login successful") else: msg.append("disabled account") else: msg.append("invalid login") return render_to_response('login.html', {'errors': msg}) there's nothing special about login.html: <html> <head> <title></title> </head> <body> <form action="/login/" method="post"> Login:&nbsp; <input type="text" name="u"> <br/> Password:&nbsp; <input type="password" name="p"> <input type="submit" value="Login"> </form> {% if errors %} <ul> {% for error in errors %} <li>{{ error }}</li> {% endfor %} </ul> {% endif %} </body> </html> Does anybody have idea how to make login() work.

    Read the article

  • Exclude css & image resources in web.xml Security Constraint

    - by Tiggles
    I am using JSF2.1 and Glassfish 3.1.2. I specify a security constraint to block everything: <security-constraint> <web-resource-collection> <web-resource-name>Secured Content</web-resource-name> <!-- Block all --> <url-pattern>/*</url-pattern> </web-resource-collection> <!-- only users with at least one of these roles are allowed to access the secured content --> <auth-constraint> <role-name>ADMINISTRATOR</role-name> </auth-constraint> </security-constraint> and have another to allow access a subset of pages and the resources: <security-constraint> <web-resource-collection> <web-resource-name>Open Content</web-resource-name> <!-- Allow subscribe --> <url-pattern>/subscribe/*</url-pattern> <url-pattern>/javax.faces.resource/*</url-pattern> </web-resource-collection> <!-- No Auth Contraint! --> </security-constraint> This works fine. However, is the following <url-pattern>/javax.faces.resource/*</url-pattern> the correct way to allow all resources? I only did this by looking at the url that Facelets injects into the xhtml. Is there security holes with this approach? Thanks.

    Read the article

  • Custom header using PHP soap functions

    - by Dees
    Hi, I am having a problem getting a custom soap header to work with PHP5. Can anybody guide me please. What I require is something like this <SOAP-ENV:Header> <USER>myusername</USER> <PASSWORD>mypassword</PASSWORD> </SOAP-ENV:Header> What I get is : <SOAP-ENV:Header> <ns2:null> <USER>myusername</USER> <PASSWORD>mypassword</PASSWORD> </ns2:null> </SOAP-ENV:Header> I would like to remove the namespace tags. The code I use to get this is: class Authstuff { public $USER; public $PASSWORD; public function __construct($user, $pass) { $this->USER = $user; $this->PASSWORD = $pass; } } $auth = new Authstuff('myusername', 'mypassword'); $param = array('Authstuff' => $auth); $authvalues = new SoapVar($auth,SOAP_ENC_OBJECT); $header = new SoapHeader('http://soapinterop.org/echoheader/',"null",$authvalues);

    Read the article

  • Why is iPdb not displaying STOUT after my input?

    - by BryanWheelock
    I can't figure out why ipdb is not displaying stout properly. I'm trying to debug why a test is failing and so I attempt to use ipdb debugger. For some reason my Input seems to be accepted, but the STOUT is not displayed until I (c)ontinue. Is this something broken in ipdb? It makes it very difficult to debug a program. Below is an example ipdb session, notice how I attempt to display the values of the attributes with: user.is_authenticated() user_profile.reputation user.is_superuser The results are not displayed until 'begin captured stdout ' In [13]: !python manage.py test Creating test database... < SNIP remove loading tables nosetests ...E.. /Users/Bryan/work/APP/forum/auth.py(93)can_retag_questions() 92 import ipdb; ipdb.set_trace() ---> 93 return user.is_authenticated() and ( 94 RETAG_OTHER_QUESTIONS <= user_profile.reputation < EDIT_OTHER_POSTS or user.is_authenticated() user_profile.reputation user.is_superuser c F /Users/Bryan/work/APP/forum/auth.py(93)can_retag_questions() 92 import ipdb; ipdb.set_trace() ---> 93 return user.is_authenticated() and ( 94 RETAG_OTHER_QUESTIONS <= user_profile.reputation < EDIT_OTHER_POSTS or c .....EE...... FAIL: test_can_retag_questions (APP.forum.tests.test_views.AuthorizationFunctionsTestCase) Traceback (most recent call last): File "/Users/Bryan/work/APP/../APP/forum/tests/test_views.py", line 71, in test_can_retag_questions self.assertTrue(auth.can_retag_questions(user)) AssertionError: -------------------- begin captured stdout << --------------------- ipdb True ipdb 4001 ipdb False ipdb --------------------- end captured stdout << ---------------------- Ran 20 tests in 78.032s FAILED (errors=3, failures=1) Destroying test database... In [14]: Here is the actual test I'm trying to run: def can_retag_questions(user): """Determines if a User can retag Questions.""" user_profile = user.get_profile() import ipdb; ipdb.set_trace() return user.is_authenticated() and ( RETAG_OTHER_QUESTIONS <= user_profile.reputation < EDIT_OTHER_POSTS or user.is_superuser) I've also tried to use pdb, but that doesn't display anything. I see my test progress .... , and then nothing and not responsive to keyboard input. Is this a problem with readline?

    Read the article

  • Cakephp ACL authentication issue - I'm locked out

    - by Baseer
    I've followed the CakePHP Cookbook ACL tutorial And as of right now I'm just trying to add users using the scaffolding method. I'm trying to go to /users/add but it always redirects me to the login screen even though I have added $this->Auth->allow('*'); in beforeFilter() temporarily to allow access to all pages. I've done this in both the UsersController and GroupsController as the tutorial asked. Below is my code for UsersController which I think will be the most relevant of all the files. Let me know if any other piece of code is required. <?php class UsersController extends AppController { var $name = 'Users'; var $scaffold; function beforeFilter() { parent::beforeFilter(); $this->Auth->allow('*'); } function login() { //Auth Magic } function logout() { //Leave empty for now. } } ?> I think I've pretty much followed the tutorial, any ideas as to what I may be missing? Thanks. I've been stuck on this for a while. =(

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >