Search Results

Search found 2412 results on 97 pages for 'dc ou'.

Page 73/97 | < Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >

  • Linq-to-SQL question

    - by c11ada
    hey all, im really new to linq-to-SQL so this may sound like a really dumb question, i have the following code var query = from p in DC.General where p.GeneralID == Int32.Parse(row.Cells[1].Text) select new { p.Comment, }; how do i got about getting the result from this query to show in a text box ??

    Read the article

  • flv from vlc to ffmpeg live video error when no sound temporarily

    - by dvch
    Hi When we get live stream from vlc to ffmpeg , wherever there is sometimes 5-6 second no sound part of video , then ffmpeg is dead with this log flv @ 0x8b426d0]illegal ac vlc code at 4x6 [flv @ 0x8b426d0]Error at MB: 142 [flv @ 0x8b426d0]concealing 257 DC, 257 AC, 257 MV errors [mpegts @ 0x8b44e50]dts < pcr, TS is invalid Is there anyway to avoid this problem ?

    Read the article

  • Spaces while using "Print" in VBA

    - by Josh
    For some reason I am getting a lot of spaces in front of each value while trying to print to a flat text file. 'append headers Cells(start_row - 2, 1).Select For i = 1 To ActiveCell.SpecialCells(xlLastCell).Column If ActiveCell.Offset(0, 1).Column = ActiveCell.SpecialCells(xlLastCell).Column Then Print #finalCSV, Cells(start_row - 2, i) & "\n", Else Print #finalCSV, Cells(start_row - 2, i) & ",", End If Next i Example output: DC Capacity:hi, Resistive Capacity:lo, Resistive Capacity:hi, Reactive Capacity:lo, Is there any way to get rid of these spaces?

    Read the article

  • Creating keystore for jarsigner programmatically

    - by skayred
    I'm trying to generate keystore with certificate to use it with JarSigner. Here is my code: System.out.println("Keystore generation..."); Security.addProvider(new BouncyCastleProvider()); String domainName = "example.org"; KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); keyGen.initialize(1024, random); KeyPair pair = keyGen.generateKeyPair(); X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); int serial = new SecureRandom().nextInt(); v3CertGen.setSerialNumber(BigInteger.valueOf(serial < 0 ? -1 * serial : serial)); v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None")); v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30)); v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10))); v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None")); v3CertGen.setPublicKey(pair.getPublic()); v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption"); X509Certificate PKCertificate = v3CertGen.generateX509Certificate(pair.getPrivate()); FileOutputStream fos = new FileOutputStream("/Users/dmitrysavchenko/testCert.cert"); fos.write(PKCertificate.getEncoded()); fos.close(); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); char[] password = "123".toCharArray(); ks.load(null, password); ks.setCertificateEntry("hive", PKCertificate); fos = new FileOutputStream("/Users/dmitrysavchenko/hive-keystore.pkcs12"); ks.store(fos, password); fos.close(); It works, but when I'm trying to sign my JAR with this keystore, I get the following error: jarsigner: Certificate chain not found for: hive. hive must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain. I've discovered that there must be a private key, but I don't know how to add it to certificate. Can you help me?

    Read the article

  • How to fix this python error? OverflowError: cannot convert float infinity to integer

    - by aF
    Hello, it gives me this error: Traceback (most recent call last): File "C:\Users\Public\SoundLog\Code\Código Python\SoundLog\Plugins\NoisePlugin.py", line 113, in onPaint dc.DrawLine(valueWI, valueHI, valueWF, valueHF) File "C:\Python26\lib\site-packages\wx-2.8-msw-unicode\wx\_gdi.py", line 3177, in DrawLine return _gdi_.DC_DrawLine(*args, **kwargs) OverflowError: cannot convert float infinity to integer How can I avoid this to happen? Thanks in advance ;)

    Read the article

  • RenderTargetBitmap + Resource'd VisualBrush = incomplete image

    - by Will
    I've found a new twist on the "Visual to RenderTargetBitmap" question! I'm rendering previews of WPF stuff for a designer. That means I need to take a WPF visual and render it to a bitmap without that visual ever being displayed. Got a nice little method to do it like to see it here it goes private static BitmapSource CreateBitmapSource(FrameworkElement visual) { Border b = new Border { Width = visual.Width, Height = visual.Height }; b.BorderBrush = Brushes.Black; b.BorderThickness = new Thickness(1); b.Background = Brushes.White; b.Child = visual; b.Measure(new Size(b.Width, b.Height)); b.Arrange(new Rect(b.DesiredSize)); RenderTargetBitmap rtb = new RenderTargetBitmap( (int)b.ActualWidth, (int)b.ActualHeight, 96, 96, PixelFormats.Pbgra32); // intermediate step here to ensure any VisualBrushes are rendered properly DrawingVisual dv = new DrawingVisual(); using (var dc = dv.RenderOpen()) { var vb = new VisualBrush(b); dc.DrawRectangle(vb, null, new Rect(new Point(), b.DesiredSize)); } rtb.Render(dv); return rtb; } Works fine, except for one leeetle thing... if my FrameworkElement has a VisualBrush, that brush doesn't end up in the final rendered bitmap. Something like this: <UserControl.Resources> <VisualBrush x:Key="LOLgo"> <VisualBrush.Visual> <!-- blah blah --> <Grid Background="{StaticResource LOLgo}"> <!-- yadda yadda --> Everything else renders to the bitmap, but that VisualBrush just won't show. The obvious google solutions have been attempted and have failed. Even the ones that specifically mention VisualBrushes missing from RTB'd bitmaps. I have a sneaky suspicion this might be caused by the fact that its a Resource, and that lazy resource isn't being inlined. So a possible fix would be to, somehow(???), force resolution of all static resource references before rendering. But I have absolutely no idea how to do that. Anybody have a fix for this?

    Read the article

  • Generating a URL pattern when provided a set of 5 or so URLs

    - by ryan
    Provided with a set of URLs, I need to generate a pattern, For example: http://www.buy.com/prod/disney-s-star-struck/q/loc/109/213724402.html http://www.buy.com/prod/samsung-f2380-23-widescreen-1080p-lcd-monitor-150-000-1-dc-8ms-1920-x/q/loc/101/211249863.html http://www.buy.com/prod/panasonic-nnh765wf-microwave-oven-countertop-1-6-ft-1250w-panasonic/q/loc/66357/202045865.html http://www.buy.com/prod/escape-by-calvin-klein-for-women-3-4-oz-edp-spray/q/loc/66740/211210860.html http://www.buy.com/prod/v-touch-8gb-mp3-mp4-2-8-touch-screen-2mp-camera-expandable-minisd-w/q/loc/111/211402014.html Pattern is http://www.buy.com/prod/[^~]/q/loc/[^~].html

    Read the article

  • Understanding Device Contexts

    - by Smashery
    As a relative newcomer to MFC, I see Device Contexts (DCs) a lot. I vaguely understand that it's something to do with drawing, but the specifics are not very well explained anywhere that I can find. What does creating a "compatible Device Context" mean, and why is it important? What does SelectObject do, and how must I make a DC compatible first?

    Read the article

  • Java Netscape LDAP Remove One Attribute

    - by spex
    Hi, I have LDAP schema where are users. I need remove one attribute named "notify" which have values: phone number or mail or remove attribute from user. I found method LDAPConnection myCon = new LDAPConnection("localhost",389); myCon.delete("uid=test1, ou=People, o=domain.com, o=isp"); but this remove whole user and i need remove only one attribute "notifyTo" of this user. I need remove whole attribute not only its value. Thanks for reply

    Read the article

  • Jython saying "No visible constructors for class"

    - by clutch
    I have a jython servlet as part of a large application running in tomcat5. I tested a few Spring Framework classes and create the objects in the Jython servlet. When I try to create objects of classes in the application I catch an Exception message "No visible constructors for class". These java classes do have a public constructor class, such as: public SchoolImpl() { } I create the object in python: from com.dc.sports.entity import SchoolImpl ... school = SchoolImpl() What am I doing wrong?

    Read the article

  • Cant get description rss tag data with javascript

    - by AdamB
    I'm currently making a widget to take and display items from a feed. I have this working for the most part, but for some reason the data within the tag within the item comes back as empty, but I get the data in the and tags no problem. feed is and xmlhttp.responseXML object. var items = feed.getElementsByTagName("item"); for (var i=0; i<10; i++){ container = document.getElementById('list'); new_element = document.createElement('li'); title = items[i].getElementsByTagName("title")[0].firstChild.nodeValue; link = items[i].getElementsByTagName("link")[0].firstChild.nodeValue; alert(items[i].getElementsByTagName("description")[0].firstChild.nodeValue); new_element.innerHTML = "<a href=\""+link+"\">"+title+"</a> "; container.insertBefore(new_element, container.firstChild); } I have no idea why it wouldn't be working for the tag and would be for the other tags. Here is an example of the rss feed its trying to parse: <rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"> <channel> <title>A title</title> <link>http://linksomehwere</link> <description>The title of the feed</description> <language>en-us</language> <item> <pubDate>Fri, 10 Jul 2009 11:34:49 -0500</pubDate> <title>Awesome Title</title> <link>http://link/to/thing</link> <guid>http://link/to/thing</guid> <description> <![CDATA[ <p>some html crap</p> blah blah balh ]]> </description> </item> </channel> </rss>

    Read the article

  • DataColumn.Expression Power

    - by Graham
    the following code Dim dc = New DataColumn(name, GetType(Double), "[col1] ^ [col2]") produces the following error: The expression contains unsupported operator '^'. Is this right, is the power operand not support in datacolumn expressions??? Anyone have an idea how i'd write this?

    Read the article

  • How do I check if a Linq to SQL entity has grandchildren?

    - by EdenMachine
    How can I find out if a Linq to SQL entity has grandchildren or not? Pseudo-code below: Return From p In dc.Processes Where p.Signers.Count > 0 and p.Signers.Signatures.Count > 0 Obviously I can't run the code above but I need to make sure that all the returning Processes have at least one Signer and that all of those Signers have at least one Signature. TIA!

    Read the article

  • How do I use a concatenation of 2 columns in a SQL DB in ASP.NET properly?

    - by user293357
    I'm using LinqToSql like this with a CheckBoxList in ASP.NET: var teachers = from x in dc.teachers select x; cbl.DataSource = teachers; cbl.DataTextField = "name"; cbl.DataValueField = "teacherID"; cbl.DataBind(); I want to display both "firstname" and "name" in the DataTextField however. I found this solution but I'm using LINQ: http://stackoverflow.com/questions/839223/concatenate-two-fields-in-a-dropdown How do I do this?

    Read the article

  • java.util.Random zero argument enquiry

    - by deerb
    I am trying to code a game following instructions contained in an OU TMA document which read: In the constructor, write code to assign a new instance of Random to ran which you should create using the Random class's zero argument constructor Will this code work? Random ran = new Random(0) ; I am a relative newbie to Java, and I don't understand exactly what the instructions mean

    Read the article

  • SCOM 2012 DNS Forwarder Availability Monitor

    - by Massimo
    Background: I have an environment with two different AD domains, each in its own forest, each with two Windows Server 2008 R2 domain controllers acting as DNS servers. There is no trust between the domains. Each DNS server manages the main DNS zone for its AD domain, and then some other zones, including the reverse lookup zone for its IP subnets; all zones are AD-integrated; all DNS servers which manages a zone are correctly listed as authoritative name servers for that zone. So, the situation is like this (using fake names and IP addresses): Domain A: DNS domain: a.dom IP subnet: 192.168.1.X DC/DNS Servers: serverA1.a.dom (192.168.1.1) and serverA2.a.dom (192.168.1.2) Authoritative zones: a.dom, 1.168.192.in-addr.arpa, somezone.local Domain B: DNS domain: b.dom IP subnet: 10.0.0.X DC/DNS Servers: serverB1.b.dom (10.0.0.1) and serverB2.b.dom (10.0.0.2) Authoritative zones: b.dom, 0.0.10.in-addr.arpa, someotherzone.local DNS servers in domain A have conditional forwarders defined for each zone managed by DNS servers in domain B, forwarding to both domain B's DNS servers; DNS servers in domain B have the opposite configuration. All forwarders are stored in Active Directory. All is working perfectly, and computers in each domain can resolve forward and reverse DNS queries for both domains, using their domain's DNS servers. The problem: I have SCOM 2012 deployed in domain A, with the SCOM agent installed on both DCs; the management packs for Active Directory and DNS Server are installed and up-to-date. I have a series of alerts like the following ones on both domain controllers; each alert is generated for each forwarded zone and for each forwarded server: Forwarder someotherzone.local (10.0.0.1) cannot resolve the host name 192.168.1.1,someotherzone.local for serverA1.a.dom Forwarder someotherzone.local (10.0.0.2) cannot resolve the host name 192.168.1.1,someotherzone.local for serverA1.a.dom Forwarder someotherzone.local (10.0.0.1) cannot resolve the host name 192.168.1.2,someotherzone.local for serverA2.a.dom Forwarder someotherzone.local (10.0.0.2) cannot resolve the host name 192.168.1.2,someotherzone.local for serverA2.a.dom Forwarder 0.0.10.in-addr.arpa (10.0.0.1) cannot resolve the host name 192.168.1.1,0.0.10.in-addr.arpa for serverA1.a.dom Forwarder 0.0.10.in-addr.arpa (10.0.0.2) cannot resolve the host name 192.168.1.1,0.0.10.in-addr.arpa for serverA1.a.dom Forwarder 0.0.10.in-addr.arpa (10.0.0.1) cannot resolve the host name 192.168.1.2,0.0.10.in-addr.arpa for serverA2.a.dom Forwarder 0.0.10.in-addr.arpa (10.0.0.2) cannot resolve the host name 192.168.1.2,0.0.10.in-addr.arpa for serverA2.a.dom The only exception is the main AD DNS zone managed by domain B's DNS servers (b.dom): for that conditional forwarder, no alert is generated and the forwarder availability monitor is green. Ok, what does this mean? What are those monitors trying to tell me? What are they checking? What's actually wrong? And why there is no error for the "b.dom" zone, which is configured in the exact same way as the other ones, both as a zone in domain B's DNS servers and as a forwarder in domain A's DNS servers?

    Read the article

  • Sharepoint AD imported users are becomming sporadically corrupted, causing us to have to create a new account

    - by TrevJen
    Sharepoint 2007 MOSS with AD imported users. All servers are 2008. ***UPDATE More details in testing. This Sharepoint is in an AD Child domain (clients.mycompany.local), which is sub to the root of the AD tree (mycompany.local). The user is in the parent tree (as are half of the other functional users. I have elevated the user rights to Domain. In looking at the logs, it seems that the Sharepoint server is trying to authenticate them by querying the DC for the clients domain (which is the way it normally works and still works for all existing identically configured users). I think if I could force it to authenticate up to the top domain DC then it would be ok?? I have around 50 users, over the past 2 months, I have had a handful of the users suddenly unable to login to Sharepoint. When they login, they either get a blank screen or they are repropmted. These users are using accounts that have been used for many months, sometimes the problem originates with a password change. In all cases, the users account works on every other Active Directory authenticated resource (domain, exchange, LDAP). In the most recent case, last night I was forced deleted a user ("John smith") because of corruption. The orifinal account name was jsmith. I deleted him from active directory, then deleted him from the profile list in Sharepoint Shared Services. I could not find a way to delete him from the Sharepoint user list, but I reran the import after recreating his account (renamed it too just to be sure to "smithj"). At first, this did not wor, the user could still access all other resources but Sharepoint. then, some 30 minutes later it inexplicably started working. This morning, the user changed passwords, which immediatly broke the login on Sharepoint again. Logs by request from matt b Office SharePoint Server Date: 4/13/2010 2:00:00 PM Event ID: 7888 Task Category: Office Server General Level: Error Keywords: Classic User: N/A Computer: nb-portal-01.clients.netboundary.local Description: A runtime exception was detected. Details follow. Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) – TrevJen 19 hours ago Techinal Details: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex) at Microsoft.SharePoint.Library.SPRequest.UpdateField(String bstrUrl, String bstrListName, String bstrXML) at Microsoft.SharePoint.SPField.UpdateCore(Boolean bToggleSealed) – TrevJen 19 hours ago at Microsoft.SharePoint.SPField.Update() at Microsoft.Office.Server.UserProfiles.SiteSynchronizer.UserSynchronizer.PushSchemaToList(Boolean& bAddedColumn) at Microsoft.Office.Server.UserProfiles.SiteSynchronizer.UserSynchronizer.SynchFull() at Microsoft.Office.Server.UserProfiles.SiteSynchronizer.Synch() at Microsoft.Office.Server.Diagnostics.FirstChanceHandler.ExceptionFilter(Boolean fRethrowException, TryBlock tryBlock, FilterBlock filter, CatchBlock catchBlock, FinallyBlock finallyBlock) – TrevJen 19 hours ago Log Name: Application Source: Office SharePoint Server Date: 4/13/2010 2:00:00 PM Event ID: 5553 Task Category: User Profiles Level: Error Keywords: Classic User: N/A Computer: nb-portal-01.clients.netboundary.local Description: failure trying to synch site 6fea15e2-0899-4c19-9016-44d77834c018 for ContentDB b2002b0b-3d4c-411a-8c4f-3d047ca9322c WebApp 3aff7051-455d-4a70-a377-5b1c36df618e. Exception message was Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)). – TrevJen 18 hours ago

    Read the article

  • Unable to Mange DNS via MMC

    - by IT Helpdesk Team Manager
    When trying to access the DNS service on Microsoft Windows Server 2003 (Build 3790) domain controller/schema master via the MMC DNS snap in or locally via the DNS MMC from Administrative tools I'm getting a red "X" through the icon for the DNS Server. The inability to access DNS management via MMC happens on all domain controllers as well. We've looked at items such as the DHCP client not being started, incorrect DNS setup ( the machine points at itself and another DC ), the DNS service not running ( it is and all DNS queries via NSLOOKUP work correctly ), dslint returns the correct information and functions as expected. There is the following entry in the DNS event log: The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. 0000: 0000051b dnscmd fails with RPC server unavailable yet RPC is started: C:\Documents and Settings\Administrator.DOMAIN>dnscmd /Info Info query failed status = 1722 (0x000006ba) Command failed: RPC_S_SERVER_UNAVAILABLE 1722 (000006ba) DCDIAG /TEST:DNS /V /E produces the following errors: Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running) [Error details: 1753 (Type: Win32 - Description: There are no more endpoints available from the endpoint mapper.)] Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running) [Error details: 1722 (Type: Win32 - Description: The RPC server is unavailable.)] The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code. A DNS query for _ldap._tcp.dc._msdcs. returns the correct results. All domain and ADS related activities are working except that I can't manage my DNS via MMC or dnscmd. Any thoughts or solutions would be greatly appreciated. EDIT: Adding Registry export per request: Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc Class Name: <NO CLASS> Last Write Time: 10/18/2012 - 2:29 PM Value 0 Name: DCOM Protocols Type: REG_MULTI_SZ Data: ncacn_ip_tcp Value 1 Name: UuidSequenceNumber Type: REG_DWORD Data: 0xb19bd0f Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols Class Name: <NO CLASS> Last Write Time: 3/9/2007 - 12:11 PM Value 0 Name: ncacn_np Type: REG_SZ Data: rpcrt4.dll Value 1 Name: ncacn_ip_tcp Type: REG_SZ Data: rpcrt4.dll Value 2 Name: ncadg_ip_udp Type: REG_SZ Data: rpcrt4.dll Value 3 Name: ncacn_http Type: REG_SZ Data: rpcrt4.dll Value 4 Name: ncacn_at_dsp Type: REG_SZ Data: rpcrt4.dll Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NameService Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Value 0 Name: DefaultSyntax Type: REG_SZ Data: 3 Value 1 Name: Endpoint Type: REG_SZ Data: \pipe\locator Value 2 Name: NetworkAddress Type: REG_SZ Data: \\. Value 3 Name: Protocol Type: REG_SZ Data: ncacn_np Value 4 Name: ServerNetworkAddress Type: REG_SZ Data: \\. Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NetBios Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy Class Name: <NO CLASS> Last Write Time: 3/9/2007 - 12:11 PM Value 0 Name: Enabled Type: REG_DWORD Data: 0x1 Value 1 Name: ValidPorts Type: REG_SZ Data: pdc:100-5000 Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Value 0 Name: 9 Type: REG_SZ Data: secur32.dll Value 1 Name: 10 Type: REG_SZ Data: secur32.dll Value 2 Name: 14 Type: REG_SZ Data: schannel.dll Value 3 Name: 16 Type: REG_SZ Data: secur32.dll Value 4 Name: 1 Type: REG_SZ Data: secur32.dll Value 5 Name: 18 Type: REG_SZ Data: secur32.dll Value 6 Name: 68 Type: REG_SZ Data: netlogon.dll

    Read the article

  • Auth-Type :- Reject in RADIUS users file matches inner tunnel request but sends Access-Accept

    - by mgorven
    I have WPA2 802.11x EAP authentication setup using FreeRADIUS 2.1.8 on Ubuntu 10.04.4 talking to OpenLDAP, and can successfully authenticate using PEAP/MSCHAPv2, TTLS/MSCHAPv2 and TTLS/PAP (both via the AP and using eapol_test). I am now trying to restrict access to specific SSIDs based on the LDAP groups which the user belongs to. I have configured group membership checking in /etc/freeradius/modules/ldap like so: groupname_attribute = cn groupmembership_filter = "(|(&(objectClass=posixGroup)(memberUid=%{User-Name}))(&(objectClass=posixGroup)(uniquemember=%{User-Name})))" and I have configured extraction of the SSID from Called-Station-Id into Called-Station-SSID based on the Mac Auth wiki page. In /etc/freeradius/eap.conf I have enabled copying attributes from the outer tunnel into the inner tunnel, and usage of the inner tunnel response in the outer tunnel (for both PEAP and TTLS). I had the same behaviour before changing these options however. copy_request_to_tunnel = yes use_tunneled_reply = yes I'm running eapol_test like this to test the setup: eapol_test -c peap-mschapv2.conf -a 172.16.0.16 -s testing123 -N 30:s:01-23-45-67-89-01:Example-EAP with the following peap-mschapv2.conf file: network={ ssid="Example-EAP" key_mgmt=WPA-EAP eap=PEAP identity="mgorven" anonymous_identity="anonymous" password="foobar" phase2="autheap=MSCHAPV2" } With the following in /etc/freeradius/users: DEFAULT Ldap-Group == "employees" and running freeradius-Xx, I can see that the LDAP group retrieval works, and that the SSID is extracted. Debug: [ldap] performing search in dc=example,dc=com, with filter (&(cn=employees)(|(&(objectClass=posixGroup)(memberUid=mgorven))(&(objectClass=posixGroup)(uniquemember=mgorven)))) Debug: rlm_ldap::ldap_groupcmp: User found in group employees ... Info: expand: %{7} -> Example-EAP Next I try to only allow access to users in the employees group (regardless of SSID), so I put the following in /etc/freeradius/users: DEFAULT Ldap-Group == "employees" DEFAULT Auth-Type := Reject But this immediately rejects the Access-Request in the outer tunnel because the anonymous user is not in the employees group. So I modify it to only match inner tunnel requests like so: DEFAULT Ldap-Group == "employees" DEFAULT FreeRADIUS-Proxied-To == "127.0.0.1" Auth-Type := Reject, Reply-Message = "User does not belong to any groups which may access this SSID." Now users which are in the employees group are authenticated, but so are users which are not in the employees group. I see the reject entry being matched, and the Reply-Message is set, but the client receives an Access-Accept. Debug: rlm_ldap::ldap_groupcmp: Group employees not found or user is not a member. Info: [files] users: Matched entry DEFAULT at line 209 Info: ++[files] returns ok ... Auth: Login OK: [mgorven] (from client test port 0 cli 02-00-00-00-00-01 via TLS tunnel) Info: WARNING: Empty section. Using default return values. ... Info: [peap] Got tunneled reply code 2 Auth-Type := Reject Reply-Message = "User does not belong to any groups which may access this SSID." ... Info: [peap] Got tunneled reply RADIUS code 2 Auth-Type := Reject Reply-Message = "User does not belong to any groups which may access this SSID." ... Info: [peap] Tunneled authentication was successful. Info: [peap] SUCCESS Info: [peap] Saving tunneled attributes for later ... Sending Access-Accept of id 11 to 172.16.2.44 port 60746 Reply-Message = "User does not belong to any groups which may access this SSID." User-Name = "mgorven" and eapol_test reports: RADIUS message: code=2 (Access-Accept) identifier=11 length=233 Attribute 18 (Reply-Message) length=64 Value: 'User does not belong to any groups which may access this SSID.' Attribute 1 (User-Name) length=9 Value: 'mgorven' ... SUCCESS Why isn't the request being rejected, and is this the right way to implement this?

    Read the article

< Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >