Search Results

Search found 3366 results on 135 pages for 'openvpn auth ldap'.

Page 89/135 | < Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >

• Password expiration notice for Active Directory

  - by keithosu

  Are there any tools/apps/scripts out there that will do password expiry notification for Windows 2008 Active Directory credentials? This is needed for our web apps that use Active Directory for LDAP authentication. The problem is those apps do not notify you that your password is going to expire when you login. We have many offsite users who do not have machines bound to the AD. So there is no way to let them know to reset their password. I'd like the user to be notified 30,7 and 1 day before it expires. I'd also like our help desk to get an email for the expiring passwords for the week and recently expired passwords. I've looked at oldcmp.exe from link text and that gets me my reports but it does not do the automation that I'm looking for on the individual users.

  Read the article

• Can you recommend a robust OpenAPI 2.0 provider?

  - by larsks

  Help me find a robust OpenID 2.0 provider! We're looking at various SSO solutions for our organization, and I would like to suggest OpenID as a viable option, since (a) there is good consumer support in a number of web applications, and (b) it's simpler to implement than Shibboleth, which is the alternative technology. However, this requires that we find a robust OpenID provider, ideally one meeting the 2.0 specification. The only solutions I've come across so far are: Atlassian Crowd This looks great, although the $4000 price tag may make it a tough sell. Community-ID This looks like an interesting idea, but I'm not sure the project quality is at a suitable level (yet). In particular, it's not clear if LDAP support actually works (which will be a requirement in our environment). Have you implemented OpenID in your environment? What are you using? Have you selected an alternative SSO technology?

  Read the article

• Samba4 advice for production use

  - by pgb

  I have an old Samba 3 + LDAP server installed that needs to be rebuilt. I'm weighting my options, and Windows Server seems too expensive at the moment, and Samba 4 appeared to be a nice option, coupled with the last Bind 9 that can dynamically add the computers to the DNS. I have about 30 workstations, so I still consider it a small network. My questions are: Is Samba 4 stable enough for production? It seems as if the Samba team is too cautious on when to call their version final, or even beta, as compared with other open source projects. What Linux distribution would you recommend to set it up? I usually use Ubuntu Server, but may use another one if installing / maintaining Samba 4 is better on that one.

  Read the article

• Mystery "users" email group

  - by dangowans

  This morning, our entire company received a spam message sent to [email protected], where "ourdomain.on.ca" is our actual domain. There is a distinguished name that this could correspond to: CN=Users,DC=ourdomain,DC=on,DC=ca Looking at the attributes though, there is no mail, no proxyAddresses, no signs that there is a mailbox configured there. I did some LDAP queries, searching for: (proxyAddresses=smtp:[email protected]) ([email protected]) But am not seeing any records. (I also search for known email addresses to ensure the tree was being searched properly.) We are running Exchange 2003. Is there another place to look for group email addresses? Is it possible that the distinguished name is being automatically translated to an email address?

  Read the article

• Can I force NFS automounts to use NFSv3?

  - by Steve

  I have a linux server that is exporting NFSv4 as well as NFSv3. I have a Fedora14 client that is defaulting to NFSv4 when automounting NFS shares off of the linux server, and it seems to be causing some problems. All my other linux clients on the network are mounting via NFSv3 without issue, so is there a way I can tell automount to mount the share via v3? I am pulling my automount maps via LDAP, with an entry in my /etc/auto.master file like so: +auto_master, so I assume it's a bit different than listing options with a regular automount map? (.i.e. /home --nfsvers=3 fileserver:/DATA)

  Read the article

• DKIMPROXY signing wrong domain

  - by user64566

  Just.... wont sign a thing... The dkimproxy_out.conf: # specify what address/port DKIMproxy should listen on listen 127.0.0.1:10028 # specify what address/port DKIMproxy forwards mail to relay 127.0.0.1:10029 # specify what domains DKIMproxy can sign for (comma-separated, no spaces) domain tinymagnet.com,hypnoenterprises.com # specify what signatures to add signature dkim(c=relaxed) signature domainkeys(c=nofws) # specify location of the private key keyfile /etc/postfix/dkim/private.key # specify the selector (i.e. the name of the key record put in DNS) selector mail The direct connection straight to the server, making it clear that this is a problem with dkimproxy and not postfix... mmxbass@hypno1:~$ telnet localhost 10028 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. 220 hypno1.hypnoenterprises.com ESMTP Postfix (Debian/GNU) EHLO hypno1.hypnoenterprises.com 250-hypno1.hypnoenterprises.com 250-PIPELINING 250-SIZE 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM:<[email protected]> 250 2.1.0 Ok RCPT TO:<[email protected]> 250 2.1.5 Ok DATA 354 End data with <CR><LF>.<CR><LF> SUBJECT:test . 250 2.0.0 Ok: queued as B62A78D94F QUIT 221 2.0.0 Bye Now lets look at the mail headers as reported by myiptest.com: From [email protected] Thu Dec 23 18:57:14 2010 Return-path: Envelope-to: [email protected] Delivery-date: Thu, 23 Dec 2010 18:57:14 +0000 Received: from [184.82.95.154] (helo=hypno1.hypnoenterprises.com) by myiptest.com with esmtp (Exim 4.69) (envelope-from ) id 1PVqLi-0004YR-5f for [email protected]; Thu, 23 Dec 2010 18:57:14 +0000 Received: from hypno1.hypnoenterprises.com (localhost.localdomain [127.0.0.1]) by hypno1.hypnoenterprises.com (Postfix) with ESMTP id 878418D902 for ; Thu, 23 Dec 2010 13:57:26 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=hypnoenterprises.com; h= from:to:subject:date:mime-version:content-type :content-transfer-encoding:message-id; s=mail; bh=uoq1oCgLlTqpdD X/iUbLy7J1Wic=; b=HxBKTGjzTpZSZU8xkICtARCKxqriqZK+qHkY1U8qQlOw+S S1wlZxzTeDGIOgeiTviGDpcKWkLLTMlUvx8dY4FuT8K1/raO9nMC7xjG2uLayPX0 zLzm4Srs44jlfRQIjrQd9tNnp35Wkry6dHPv1u21WUvnDWaKARzGGHRLfAzW4= Received: from localhost (localhost.localdomain [127.0.0.1]) by hypno1.hypnoenterprises.com (Postfix) with ESMTP id 2A04A8D945 for ; Thu, 23 Dec 2010 13:57:26 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at hypno1.hypnoenterprises.com Received: from hypno1.hypnoenterprises.com ([127.0.0.1]) by localhost (hypno1.hypnoenterprises.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ua7BnnzmIaUO for ; Thu, 23 Dec 2010 13:57:25 -0500 (EST) Received: from phoenix.localnet (c-76-23-245-211.hsd1.ma.comcast.net [76.23.245.211]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by hypno1.hypnoenterprises.com (Postfix) with ESMTPSA id 48A0D8D90D for ; Thu, 23 Dec 2010 13:57:25 -0500 (EST) From: Joshua Pech To: [email protected] Subject: test Date: Thu, 23 Dec 2010 13:57:25 -0500 User-Agent: KMail/1.13.5 (Linux/2.6.32-5-amd64; KDE/4.4.5; x86_64; ; ) MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: DomainKey-Status: no signature Received-SPF: pass (myiptest.com: domain of tinymagnet.com designates 184.82.95.154 as permitted sender) Notice how the dkim signature specifies the d=hypnoenterprises.com.... why?

  Read the article

• Double VPN Network Authentication

  - by Pyromanci

  I have a project I'm working on and looking for some info. Right now I have a VPN network using Cisco Pix 501's for the vpn clients and a Cisco VPN Concentrator 3000 for the VPN Server. Since the Pix is constantly connected to the vpn, I want to add a extra level of authentication. Meaning when the user on the other end goes to access anything on the VPN they are asked for a username password before the connection is established. I've never done this sort of structure before. So I'm not even sure where to really being or even if my current hardware can do something like this, or if i need to through in some sort of radius/LDAP/Active Directory type server into the mix.

  Read the article

• Simple one-way synchronisation of user password list between servers

  - by Renaud Bompuis

  Using a RedHat-derivative distro (CentOS), I'd like to keep the list of regular users (UID over 500), and group (and shadow files) pushed to a backup server. The sync is only one-way, from the main server to the backup server. I don't really want to have to deal with LDAP or NIS. All I need is a simple script that can be run nightly to keep the backup server updated. The main server can SSH into the backup system. Any suggestion? Edit: Thanks for the suggestions so far but I think I didn't make myself clear enough. I'm only looking at synchronising normal users whose UID is on or above 500. System/service users (with UID below 500) may be different on both system. So you can't just sync the whole files I'm afraid.

  Read the article

• Choosing a Wiki for an academic institute

  - by abhishekgupta92

  I need to choose a Wiki. Please someone help. Following are my requirements: 1) Need good control to the access variables 2) LDAP integration support 3) User Group Support 4) Good Themes and Templates Mediawiki has the problem that it does not support Users Groups that intutively. Twiki and Foswiki have a problem that any authenticated user that has write permissions for a topic also have the write to change the particualar permissions for the topic. Else, can someone suggest me where to look for the answer. I know about the WikiMatrix

  Read the article

• Choosing a Wiki for an academic institute

  - by abhishekgupta92

  I need to choose a Wiki. Please someone help. Following are my requirements: 1) Need good control to the access variables 2) LDAP integration support 3) User Group Support 4) Good Themes and Templates Mediawiki has the problem that it does not support Users Groups that intutively. Twiki and Foswiki have a problem that any authenticated user that has write permissions for a topic also have the write to change the particualar permissions for the topic. Else, can someone suggest me where to look for the answer. I know about the WikiMatrix

  Read the article

• How do I install php-gd?

  - by user42577

  I've done phpinfo() to see if it was installed but I see no mention of the gd libraries anywhere. I ran this command (rpm -qa | grep php) and this is what I see: php-gd-4.3.9-3.18.1.swsoft php-mysql-4.3.9-3.18.1.swsoft php-pgsql-4.3.9-3.18.1.swsoft php-4.3.9-3.18.1.swsoft php-domxml-4.3.9-3.18.1.swsoft php-imap-4.3.9-3.18.1.swsoft php-mbstring-4.3.9-3.18.1.swsoft php-ncurses-4.3.9-3.18.1.swsoft php-pear-4.3.9-3.18.1.swsoft php-snmp-4.3.9-3.18.1.swsoft php-devel-4.3.9-3.18.1.swsoft php-ldap-4.3.9-3.18.1.swsoft php-odbc-4.3.9-3.18.1.swsoft php-xmlrpc-4.3.9-3.18.1.swsoft My server is a linux box with php5 installed. I also tried to run yum install php5-gd to no avail.What else should I do or check to get it installed?

  Read the article

• OpenLDAP server logs filled with "TLS negotiation failure"

  - by WildVelociraptor

  I recently migrated an old OpenLDAP setup to a newer server, with a more robust certificate setup. Currently, most hosts are required to verify the cert matches the host: tls_checkpeer yes TLS_REQCERT always In the server logs, there are multiple occurences of: Nov 6 10:45:08 <servername> slapd[1773]: conn=2785646 fd=35 closed (TLS negotiation failure) These errors appear from multiple hosts, but there don't seem to be any issues actually logging into those servers with an LDAP account. Does anyone know what would cause these errors? The server is running Ubuntu 12.04.2, and OpenLDAP version 2.4.28. The cert was generated using GnuTLS.

  Read the article

• In ADUC MMC, Advanced View, how to get Attribute Editor tab on the result of a Find?

  - by geoffc

  In Win2008 MS added a new Tab on objects in ADUC. Called Attribute Editor it is like Novell Console One's Other tab, or an arbitrary LDAP editor view, or an ADSI Edit style view. Basically it shows all allowed attributes for the object class, and allows you to edit according to your permissions. You need to enable Advanced Options in the View menu before it shows up. This is great, however it only shows up when you browse the directory tree and select an object. If you use the Find tool and open an object Attribute Editor is not shown. How annoying! Especially if your domain has more than 2000 users in a single container, then you almost must use Find to get to an object. Is there any way to make the Attribute Editor tab show up after using Find to open an object?

  Read the article

• Configuring Ubuntu 10.04's Greeter Screen

  - by Skizz

  I have an Ubuntu server (9.04 at the moment) and an Ubuntu desktop which I recently upgraded to 10.04. Once I'd set up the users and groups on the desktop to match the server (I'm new to this, I think LDAP would do this for me, but that's another question), the friendly greeter screen no longer displays the same set of users1. In 9.04 (the previous version running on the desktop PC) there were four users shown. These had UIDs of 500 to 510. Changing the UIDs is one solution, but that would mean changing the UIDs on all my linux PCs, and that is a might PITA (unless there's a tool to make it less painful). How can I get the greeter in 10.04 to show users with UIDs in the 500s without resorting to changing the UIDs? I use the greeter screen with user pictures as the PC is mainly for use by my young children and clicking the picture is a bit easier (they still need to type a password though).

  Read the article

• Run script when shutting down ubuntu before the logged in user is logged out

  - by Travis

  I'm writing a script to backup some local directories on a unix machine (Ubuntu) to a samba drive. The script works fine and I've got it running at shutdown and restart using the method described at http://en.kioskea.net/faq/3348-ubuntu-executing-a-script-at-startup-and-shutdown It works by placing the backup script into the /etc/rc6.d and /etc/rc0.d directories. However there is a problem. After looking at the scripts logfile it seems to be run after the user is logged out. We are using LDAP authentication and when the user logs out, the system cannot backup to their samba share. Does anyone know of anyway to run the script before the user is logged out?

  Read the article

• "RPC Server is unavailable" on Windows 7 Client with Samba3 making logon impossible

  - by HalloDu

  I am running an Samba 3.4.* Server with LDAP Backend on Ubuntu 10.04 LTS as a PDC for purely Windows 7 Clients (about 50). It worked quite fine for a long time, but now sometimes on some machines (really strange to replicate) I cannot login, because he tells me that there are no logon servers. When I look in the machines eventlog after logging in locally, the only error it shows is: "RPC Server is unavailable". The system was ported quite a while back from another machine running the same software versions to this new one. Are there maybe trust or caching issues between the workstations and the domain controller? The number of machines affecting is steadily increasing and so do you know any reason as to why this problem occurs? Any information on workstation and domain trust would also be welcome (After googleing I did not find anything really enlightening).

  Read the article

• Windows Server 2003 - passwordless access to \\myhost\ but not \\myhost.mydomain.net\

  - by Charles Duffy

  I have a Windows Server 2003 system on which passwordless access to local UNC paths is possible using the server's unqualified hostname or its IP address, but not via its FQDN -- even when the hosts file is used to map that FQDN directly to 127.0.0.1. That is: \\127.0.0.1\ - passwordless \\myhost\ - passwordless \\myhost.mydomain.com\ - brings up an authentication dialog Unfortunately, I have a local application trying to resolve UNC paths including the host's FQDN. I've tried resolving myhost.mydomain.com to 127.0.0.1 in both hosts and lmhosts, and calling ping myhost.mydomain.com at the command prompt gives the appearance that this resolution has taken effect; even so, attempting to open \\myhost.mydomain.com\ from Windows Explorer brings up a password prompt, while \\127.0.0.1\ does not. The system is using an OpenDirectory server (Apple's Kerberos+LDAP directory service) for authentication.

  Read the article

• Setting up dovecot on OpenBSD

  - by Jonas Byström

  I'm a *nix n00b that just installed dovecot (the selection with no ldap, mysql or pgsql) on OpenBSD 4.0 and I want to set it up for imap use, but I'm having a hard time finding documentation that I can understand. It currently running on port 143 (checked with telnet) but from there I need to do the following: I need some accounts, the once already on the system are fine if I can get those running (seemed to be some dovecot option somehow?), or just adding a few manually is ok too. Was there some setting for this in the default /etc/dovecot.conf? passdb bsdauth {} is uncommented by default... I need to create imap folders, or subfolders. How can I do that? Hopefully not, but anything else I need to do? I want to run without certification validation and no SSL/TLS, would this work by default (client-side settings)?

  Read the article

• nagios contact groups to check_mk

  - by Skiaddict

  I have Nagios installed with traditional configuration files. I have created some contact groups and assigned them to hosts. For web UI I'm using check_mk. And here's the question: Check_mk supports showing hosts/services based on contact group membership. But I can't use the Nagios contact groups in check_mk. (Result should be that if person XYZ is logged in, he see only hosts and services assigned to him.) My users are in LDAP (I'm using check_mk login form, not apache authorisation). I can't find any information about this in documentation so if someone have experience, please tell me how this works. The problem is that I cannot let everybody be admin and receive all alerts...

  Read the article

• Wine not finding some files

  - by Levans

  I'm having strange issues with Wine : If I look a C:\windows\system32\drivers\ in wine explorer, the directory looks empty, while the directory ~/.wine/drive_c/windows/system32/drivers is not. Plus, having the H: drive mapped to my home directory, I can look at H:\.wine\drive_c\windows\system32\drivers and it is not empty, the files are here ! Thus it seems Wine has the rights to access these files. So why don't they appear on the C: drive ? Some of my programs need them. I'm using Gentoo Linux, and Wine is version 1.7.0 compiled with these useflags (from eix) : X alsa cups fontconfig gecko jpeg lcms ldap mono mp3 ncurses nls openal opengl perl png prelink run-exes ssl threads truetype udisks xcomposite xinerama xml -capi -custom-cflags -dos -gphoto2 -gsm -gstreamer -odbc -opencl -osmesa -oss -pulseaudio -samba -scanner -selinux -test -v4l ABI_MIPS="-n32 -n64 -o32" ABI_X86="32 64 -x32" ELIBC="glibc" EDIT: I just updated to wine 1.7.4 and nothing changed.

  Read the article

• Quick and dirty user management service for Linux VMs?

  - by quack quixote

  Background I have a home server running Debian, and a workstation that runs various VirtualBox VMs (mostly Linuxen but some Windows). At the moment, I'm creating my main user account anew for every new Linux VM. I'd like to make use of a centralized user-management scheme instead, so I can just configure the new VMs for the directory technology and let them handle user lookups automatically. The last time I worked with anything like this, NIS+ was still in fashion. I have a vague notion of what LDAP and Active Directory are, but no knowledge of how to configure them for what I want. Question What user-management/network-directory technology should I use for providing user accounts to my network? The server must run on Debian Lenny. Client configuration should be simple point-at-server-and-go. I need an example configuration for one sample user account. (nice-to-have) I may want to mount the user's home directory from the server. (nice-to-have) The same configuration works with Windows clients.

  Read the article

• Looking for a central image database and tagging system for a group of users

  - by jstarek

  I'm doing IT support for a small volunteer organisation who needs to centrally store and organize around 2500 photos. Can anyone here recommend a database or similar system which matches the following criteria: Intuitive to use for users with little computer experience Multi-user support, ideally with integration in our existing LDAP user directory Should have a web-interface Not a hosted solution like Picasa (because we have a rather slow internet connection with very slow upload) Should allow tagging of images, sorting by various criteria and storing copyright information If there are native GNOME and/or Windows clients for the tool, that would be a great benefit. Many thanks in advance!

  Read the article

• Can vCenter 4 authenticate and authorize against a virtual directory server??

  - by iforeman

  Hi I am looking into Identity managment in our environment. We currently use Active Directory and Sun's Enterprise Directory server (6.3). I was wondering if I used the Virtual Directory Server of the Enterprise Directory server, would we be able to point the vCenter clients to this Directory service for authentication and authorization rather than at the AD source. The reason for this is that we have more users we want to add to the management role of this server but not all are in AD, a fair number are in the Sun LDAP v3. directory. Thanks in advance Ian

  Read the article

• How to deny access to disabled AD accounts via kerberos in pam_krb5?

  - by Phil

  I have a working AD/Linux/LDAP/KRB5 directory and authentication setup, with one small problem. When an account is disabled, SSH publickey authentication still allows user login. It's clear that kerberos clients can identify a disabled account, as kinit and kpasswd return "Clients credentials have been revoked" with no further password / interaction. Can PAM be configured (with "UsePAM yes" in sshd_config) to disallow logins for disabled accounts, where authentication is done by publickey? This doesn't seem to work: account [default=bad success=ok user_unknown=ignore] pam_krb5.so Please don't introduce winbind in your answer - we don't use it.

  Read the article

• linux intrusion detection software

  - by Sam Hammamy

  I have an Ubuntu VPS that I use for practice and deploying prototypes as I am a python developer. I recently started teaching my self sys admin tasks, like installing OpenLDAP. I happened to turn off the ufw firewall for just a minute, and when I ran an netstat command, I saw a foreign ip connected to ssh that I traced to china. I'd like to know a few things: 1) Is there any good network intrusion detection software, such that if any IP that's outside a specific range connects to the VPN, I can be notified? -- I am thinking about scripting this, but I'm pretty sure there's something useful out there and I believe in the wisdom of crowds. 2) How did this person gain access to my server? Is it because my firewall was down? Or is it because they browsed my LDAP directory and from there figured out a way to connect (there was a clear text password in the tree but it wasn't one used by the server's sshd)?

  Read the article

< Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >