Search Results

Search found 2133 results on 86 pages for 'zend acl'.

  • FTP in DMZ, TCP Ports for LDAP Auth

    - by sam
    Scenario:

        (outside)---(ASA5510)---(inside) -Windows2008 DC
                             (dmz)       -Win2008 FTP Server

    Which ports do I need to open from DMZ to Inside so that FTP users can be authenticated on the Inside DC? I have already opened 389 (LDAP), 636 (secure LDAP) and 53 (DNS). But the FTP client always gets stuck after processing the credentials, and the FTP server gives you an event log "logon error". The error message indicates that there could be an issue with closed ports. If I turn the ACL to "IP", which means all ports are open, everything works fine.

  • How to handle a player's level and its consequent privileges?

    - by Songo
    I'm building a game similar to Mafia Wars where a player can do tasks for his gang and gain experience, thus advancing his level. The game is built using PHP and a Mysql database. In the game I want to limit the resources allowed to a player based on his level. For example:

                | (Max gold) | (Max army size) | (Max moves) | ...
        Level 1 | 1000       | 100             | 10          | ...
        Level 2 | 1500       | 200             | 20          | ...
        Level 3 | 3000       | 300             | 25          | ...
        ...

    In addition, certain features of the game won't be allowed until a certain level is reached, such as players under Level 10 can't trade in the game market, players under Level 20 can't create alliances, etc. The way I have modeled it is by implementing a very loooong ACL (Access Control List) with about 100 entries (an entry for each level). However, I think there may be a simpler approach to this, seeing that this feature has been implemented in many games before.

  • Using both domain users and local users for Squid authentication?

    - by Massimo
    I'm working on a Squid proxy which needs to authenticate users against an Active Directory domain; this works fine, Samba was correctly set up and Squid authenticates users via ntlm_auth. Relevant lines in squid.conf:

        auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
        auth_param ntlm children 5
        auth_param ntlm keep_alive on
        acl Authenticated proxy_auth REQUIRED
        http_access allow Authenticated
        http_access deny all

    Now, I need a way to allow access to users who don't have a domain account. I know I could create an "internet user" account in the domain, but this would allow access, although limited, to domain resources (file shares, etc.); I need something that will allow only Internet access. The ideal solution would be using a local account on the proxy server, either a Linux account or a Squid one; I know Squid supports this, but I'm unable to have it use both domain authentication and Squid/local authentication if domain auth is unsuccessful. Can this be done? How?

  • how to connect public web server to internal LAN

    - by DefSol
    I have a VPS which is my public web server for all my clients. It's running Server 2008 and I would like to have it connect via a secure connection to my internal LAN. I would like this to be a route so access is bi-directional. I have read about Server & Domain isolation, but am concerned this may prevent public views of the web sites on the server. I currently have a PPTP tunnel, but I'm wanting better security (IPSec or SSL etc.) and it's not giving me bi-directional access. (In fact my backups aren't copying across, but this could be an ACL issue.) The goal is to provide easy/automated backups of data & SQL DBs to my internal LAN, as well as a means to provision new sites & DBs from a workflow occurring internally. The internal LAN is Windows-based with ISA 2006 at the perimeter. Thanks

  • Squid: problem with FTP service (Windows Server)

    - by Diego
    I followed the instructions on this question and everything works fine. I have a DHCP server that assigns "IP client" without gateway. Internet with IE or Firefox Browser works but the FTP service doesn't work. In squid.conf I have put a line:

        acl Safe_ports port 80 21 443 389 5307 8080 3144 8282 88 8443 20443 11438 1443 8050 30021 10443 4747 4774 1384

    Do I have to put a gateway in the DHCP Server? Do you have any suggestions for me? Thanks for your help!

  • Nobody nogroup on ubuntu client with Solaris server

    - by user1574623
    I have an OpenIndiana server with ZFS and it was shared with NFS on an Ubuntu server (called server1) one year ago. Now I am asked to share it on a second Ubuntu server (called server2). So I took the line in /etc/fstab from server1 and added it on server2:

        192.168.1.22:mypool/data/.zfs/snapshot /mnt/zfs nfs acl,intr,noatime 0 0

    But when I mount it, the rights on server2 are "nobody nogroup" (connected as anonymous?!) whereas it's OK on server1. And on my OpenIndiana, I haven't found where it is configured (it's not me who configured it last year). So I have tried to set

        zfs set sharenfs=rw numpool/data

    but without success. So I am looking for a file like /etc/exports on Ubuntu to configure which server is allowed to connect, and not as anonymous. Any idea? Thanks,

  • squid configuration change to accept http request on LAN

    - by Ratan Kumar
    Installed squid + dansguardian to block adult content on my Linux (Ubuntu 12.10). Everything worked fine; it blocked as expected. Now the problem is I am also running an Apache server for my LAN (kind of a website), but when accessing it via 192.168.0.1, it says squid has blocked the connection. This is the exact error:

        The following error was encountered while trying to retrieve the URL: http://192.168.0.16/
        Connection to 192.168.0.16 failed.
        The system returned: (113) No route to host
        The remote host or network may be down. Please try the request again.
        Your cache administrator is webmaster.

    Before configuring squid it was working fine. What changes do I have to make in squid.conf? I tried

        acl Safe_ports 80 allow_all Safe_ports

    (I want to know how I can configure it again to listen to HTTP requests from the LAN.)

  • Cisco ASA 5505 (8.05): asymmetrical group-policy filter on an L2L IPSec tunnel

    - by gravyface
    I'm trying to find a way to set up a bi-directional L2L IPSec tunnel, but with differing group-policy filter ACLs for both sides. I have the following filter ACL set up, applied, and working on my tunnel-group:

        access-list ACME_FILTER extended permit tcp host 10.0.0.254 host 192.168.0.20 eq 22
        access-list ACME_FILTER extended permit icmp host 10.0.0.254 host 192.168.0.20

    According to the docs, VPN filters are bi-directional: you always specify the remote host first (10.0.0.254), followed by the local host and (optionally) port number, as per the documentation. However, I do not want the remote host to be able to access my local host's TCP port 22 (SSH) because there's no requirement to do so -- there's only a requirement for my host to access the remote host's SFTP server, not vice-versa. But since these filter ACLs are bidirectional, line 1 is also permitting the remote host to access my host's SSH server. The documentation I'm reading doesn't seem clear to me if this is possible; help/clarification much appreciated.

  • Ubuntu 12.04 Server: permissions on /var/www for newly copied files

    - by Abe
    I ran the following commands to set up ACL on the /var/www folder in my Ubuntu 12.04 Server:

        sudo usermod -g www-data abe
        sudo chown -R www-data:www-data /var/www
        sudo chmod -R 775 /var/www

    I downloaded Wordpress using wget in my /var/www folder and unzipped the downloaded file:

        cd /var/www
        wget http://wordpress.org/latest.zip
        mv latest.zip wordpress.zip
        unzip wordpress.zip

    I created a new database and user in mysql and attempted to run the setup process through the web interface. When I enter the configuration info in wordpress I run into the following error message:

        Sorry, but I can't write the wp-config.php file.

    When I run ls -la, I see that the files are owned by my user abe, but they are part of the group www-data. Would I have to run the chmod command every time I copy new files to /var/www?

        sudo chmod -R 775 /var/www

  • Configuring Samba to allow Use of CUPS printer

    - by Skizz
    Having trouble with samba printing. I have a CUPS printer installed on an Ubuntu 11.04 server and that works great. When I try to configure samba to allow an XP machine to use the printer, it fails when printing. I can install the printer drivers for XP from the server and the printer appears in the XP printer control panels. When I try to print a test page from the XP machine I get this error in the system event log:

        Jun 27 20:33:29 FatController smbd[3571]: [2012/06/27 20:33:29, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
        Jun 27 20:33:29 FatController smbd[3571]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client JAMES machine account JAMES$

    Here's my smb.conf file:

        [global]
        server string = %h (Server)
        workgroup = SODOR
        encrypt passwords = true
        security = user
        os level = 255
        preferred master = yes
        domain master = yes
        local master = yes
        logon path = \\%L\profile\%U
        logon drive = S:
        logon home = \\%L\home\%U
        domain logons = yes
        map to guest = Never
        guest ok = no
        dns proxy = no
        time server = yes
        logon script = logon.bat
        load printers = yes
        printing = cups
        printcap name = cups
        nt acl support = no
        interfaces = eth1 lo
        bind interfaces only = yes
        smb ports = 445

        [netlogon]
        comment = Net Log On
        path = /home/samba/netlogon
        guest ok = no
        read only = yes
        browseable = no

        [profile]
        comment = User Profiles
        path = /home/samba/profiles
        read only = no
        create mask = 0600
        directory mask = 0700
        browseable = no
        store dos attributes = yes

        [printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = yes
        guest ok = no
        printable = yes

        [print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers
        browseable = yes
        guest ok = no
        read only = yes
        write list = root, skizz

    Anyone know what the problem is and how to fix it?

    In addition to the above, I also get this error:

        Jun 27 21:56:35 FatController smbd[3571]: [2012/06/27 21:56:35, 0] printing/print_cups.c:1027(cups_job_submit)
        Jun 27 21:56:35 FatController smbd[3571]: Unable to print file to `Edward' - client-error-not-authorized

    which I think is more relevant.

  • Is giving read permissions on /etc/shadow to apache user a wise decision from security point of view?

    - by Czar
    I have to use PAM authentication for DAV SVN, but when everything is configured as specified in the mod_auth_pam documentation, authentication does not work. After some research I realized that for this to work, httpd should be running under the root user (which I don't like and won't implement) or the apache user (under which httpd is running by default) should have permissions to read the /etc/shadow file. So there is a pair of questions connected to each other which I want to ask:

      1. Is giving this permission to the apache user a wise decision from a security point of view?
      2. If the answer to the first question is "yes", what is the correct way to do so?

    For now I've done the following:

        groupadd shadow
        usermod -G shadow apache
        chmod g+r /etc/shadow

    Another way I can come up with is using ACL:

        setfacl -m u:apache:r /etc/shadow

    Note: OS is Fedora 14 x86_64 (kernel: 2.6.35.11), httpd v2.2.17, mod_auth_pam v1.1.1

  • How to add admin users in 389 LDAP, fedora directory server

    - by chandank
    I want to create a couple of admin users who have access to create/delete users on a particular group/Organization Unit. For example, the user

        uid=testadmin, ou=people, dc=my,dc=net

    should have access to create new users/delete users under ou=People,dc=my,dc=net. I tried with the ACI below but it did not work:

        (target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*") (version 3.0;acl "testadmin Permissions";allow (proxy)(userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net");)

    I am able to add administrative users from the Directory Server console, but this user data is not stored in ldif files and only stored in the binary database at /var/lib/dirsrv/slap-ldap/db/. The only problem is these users have full power and I am not sure how to restrict their access.

  • ASA firewalls: how does stateful filtering affect my access lists?

    - by Nate
    Ok, so assume that I have an ingress access list that looks like this:

        access-list outside_in extended ip permit any X.Y.Z.1 eq 25
        access-group outside_in in interface outside

    And I want to do egress filtering. I want to allow inside machines to respond on port 80, and I want to allow ports over 1024. Given that the firewall is stateful, do I need to have the rule

        access-list inside_in extended ip permit X.Y.Z.1 any eq 25

    in my inside_in ACL, or can I get away with just

        access-list inside_in extended ip permit any any gt 1024
        access-group inside_in in interface inside

    In other words, if I apply an egress access list, do I have to explicitly allow machines to respond to requests allowed by the ingress access list, or does the statefulness of the firewall handle that for me? Thanks!

  • iPlanet Authentication provider

    - by Travis
    Good day. I have stepped into a project that requires a server migration that would change the means of authentication for our CAC/PKI SSL enabled website. We are using iPlanet 7 and Oracle Directory Server Enterprise 7 as our LDAP server. The situation is that the site is still CAC/PKI enabled, but at the firewall. The information we want to authenticate against is now in the HTTP header. How do I configure iPlanet and LDAP to authenticate against the header instead of SSL? Thanks. Edit: Can this be done with IIS keeping the Directory Server EE LDAP intact, or is the ACL iPlanet only?

  • HAPROXY per domain redirection

    - by SecondThought
    I'm trying to redirect requests to my load balancer by domain name with acl and hdr_dom, to a separate backend. The redirection works ok with the first request - 'GET /' (the destination server is a WordPress site) but when the client asks for the assets ('GET /blablabla/style.css' for example) the haproxy doesn't redirect it to the right backend anymore, but to the default one, with . In the haproxy log I can see the correct host that the request is for (the one that I defined in hdr_dom) but it's like that since the GET request itself is relative (I mean not containing the domain but only from the /blablabla and forth), haproxy doesn't recognize it with the hdr_dom. I'm just guessing here.. Please help...

  • Deleting Time Machine in Mac OS X 10.6.4

    - by cappuccino
    Does anyone know how to delete Time Machine in Mac OS X 10.6.4? Before answering:

      1. sudo rm -rf /whateverthetimemachineis does not work.
      2. Disabling the ACL permissions first with sudo fsaclctl -p /whatever -d does not work: sudo: fsaclctl: command not found
      3. Use the delete all backup feature in Time Machine... this is slow as hell, would take days. Need a command line solution.
      4. No, I don't want to reformat the drive, I have other content on it, and no, don't say I should have separated it into two partitions or two drives. I did it this way since partitions cannot be dynamically changed, and two drives is annoying since, what's the point of having a big drive?... plus it has no relation to the issue at hand.

    Already googled for hours and read everything on Super User, nothing working, and all solutions are the first 4. Any clues?

  • Asterisk doesn't start properly at system startup. DNS lookup fails.

    - by leiflundgren
    When I start my Ubuntu system it attempts two DNS lookups: one to find out what my internet router's external IP is, and one to find the IP of my PSTN-SIP provider. Both fail.

        [Apr 7 22:14:54] WARNING[1675] chan_sip.c: Invalid address for externhost keyword: sip.mydomain.com
        ...
        [Apr 7 22:14:54] WARNING[1675] acl.c: Unable to lookup 'sip.myprovider.com'

    And since the DNS fails, it cannot register properly and cannot make outgoing or incoming calls. If I later, after bootup, restart asterisk, everything works excellently. Any idea how I should set things up so that either:

      - Asterisk startup is delayed so that DNS is up and healthy first, or
      - Asterisk somehow re-tries the DNS thing later.

    Regards, Leif

  • Is chroot the right choice for my use case?

    - by Anthony
    Backstory: I am working on setting up a MineCraft server and want to allow admins to have ssh access to the MineCraft server console and appropriate mc server files, but not the whole system. The console provided by the minecraft server is only available to the user that launched the process. In addition, the admins will need terminal access to some basic cli tools such as wget, cp, mv, rm, and a text editor.

    Plan:

      - I have already set up the ssh aspect of things, requiring pre-shared keys and whatnot.
      - Set up a jailed environment in which all user activity will be contained.
      - Set up user accounts.
          - The first user account will be the minecraft user. The minecraft user will start the MC server in a multiuser screen session and allow the other admins to attach to it.
          - Subsequent users should have their own /home directory for normal usage.
      - Set up ACL for the appropriate files to allow each user to edit the mc server files.
      - No one will be doing system updates, nor will anyone be installing any programs, so I'll be the only user with sudo.

    The Issues:

      - I don't want the ssh users to have access to the whole system.
      - Users will still need to use wget or curl to update the mc server files.

    Is chroot the right tool for this use case, or is there something more appropriate for the job? I have no experience setting up a chroot environment and have found several tools to aid in this process. Jailkit seems to be the most robust, but it's not in the standard repos.

  • squid ip based authentication

    - by Ian R.
    I have 10 IPs on a VPS and squid3 installed. I want to lease all of them to 10 co-workers. The authentication should be IP-based. Basically I want to allow only their home IP address (not internal - we're not on a network) to connect to my squid. I would also like to offer them a dedicated IP from my outgoing addresses. I managed to get it working using username/password based authentication, but some software does not support that feature, so I would like to switch to this limit if possible. Any guidance/sample ACLs?

  • Unauthorized access error to html pages in IIS 7.0

    - by George2
    I am using VSTS 2008 + C# + .Net 3.5 + IIS 7.0. I have created a new web site and put an html file into the directory. And when I use the browse function in IIS manager to browse the html file, I met with the following error. Any ideas what is wrong? BTW: I am very confused about the unauthorized error since I run the worker process under the administrator account. From the error message, I am confused why the logon method is anonymous and not using the administrator account?

        HTTP Error 401.3 - Unauthorized
        You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

        Module          IIS Web Core
        Notification    AuthenticateRequest
        Handler         StaticFile
        Error Code      0x80070005
        Requested URL   http://localhost:80/a.html
        Physical Path   C:\test\simplehosttest\a.html
        Logon Method    Anonymous
        Logon User      Anonymous

    Thanks in advance, George

  • How to implement Restricted access to application features

    - by DroidUser
    I'm currently developing a web application that provides some 'service' to the user. The user will have to select a 'plan' according to which she/he will be allowed to perform application-specific actions, but up to a limit defined by the plan. A plan will also limit access to certain features, which will not be available at all for some plans. As an example, say there are 3 plans and 2 actions throughout the application:

      - users in plan-1 can perform action-1 3 times, and they can't perform action-2 at all
      - users in plan-2 can perform action-1 10 times, action-2 5 times
      - users in plan-3 can perform action-1 20 times, action-2 10 times

    So I'm looking for the best way to get this done, and my main concerns besides implementing it are the following (in no particular order):

      - maintainability/changeability: the number of plans, and type of features/actions, will change in the final product
      - industry standard/best practice: for future readiness!!
      - efficiency: of course, I want fast code!!

    I have never done anything like this before, so I have no clue about how to go about implementing these functionalities. Any tips/guides/patterns/resources/examples? I did read a little about ACL and RBAC; are they the patterns that I need to follow? Really, any sort of feedback will help.

  • How to make TortoiseHg pull certain branch only?

    - by mark
    I have cloned the default branch of a big repository and now I wish to pull from the server using the TortoiseHg client. However, TortoiseHg proposes to pull from all the branches. Is it possible to instruct it to pull from the current branch only? So far I have seen suggestions to:

      - Set up a hook on the client side to reject pulls from unwanted branches
      - Check incoming revisions in TortoiseHg and only pull the ones belonging to the current branch
      - Use the Mercurial ACL extension to deny access to all the branches but the current one

    I dislike all of these solutions, since all of them are client based. In all of them TortoiseHg actually pulls all of the branches (even in the second, where the pulled revisions are arranged into a bundle presented in the incoming revisions view). Is there an hg pull -b BRANCH equivalent in TortoiseHg? Thanks.

    EDIT: I know how to do all of this using the Mercurial command line client - hg.exe. This question is specifically about the TortoiseHg GUI client.

  • Squid3 not working. Access denied

    - by Nitish
    I installed SQUID3 on a Linux machine with two ethernet interfaces (eth0 and eth1). I used the default settings in the squid.conf file and uncommented the two lines

        acl localnet src 192.168.0.0/16
        http_access allow localnet

    eth0 is connected to a router, which provides Internet access. It is assigned an IP 192.168.1.2 by the router. I manually configured eth1 to have an IP address 192.168.5.1. It is connected to a switch. Systems having IP addresses 192.168.5.x are connected to this switch. I ran these two commands for NAT:

        iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.5.1:3128
        iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

    But when I try to access the internet from a system having IP 192.168.5.2 through the proxy, I get an error that says "Access denied". What is wrong with my configuration?
