Search Results

Search found 4152 results on 167 pages for 'mod auth kerb'.

Page 9/167 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • Changing the current URL but serving content from another (same domain) - ProxyPass?

    - by zigojacko
    I've been banging my head against the wall with this for months now so I hope someone on here will be able to finally advise what is needed for this. I have some URL's like this:- domain.com/category/subcat/filter/brand And I wish to rewrite the URL's to:- domain.com/category/brand-subcat Content loads fine at the first URL, I just want to show it at a different URL - is URL masking the correct term for this? I have a RewriteRule in .htaccess that should do this job as far as I believe:- RewriteRule ^([a-zA-Z]+)/([a-zA-Z]+)/filter/([a-zA-Z]+)$ $1/$3-$2 This isn't actually modifying the URL at all though on a Magento website (mod_rewrite is enabled and plenty of other rewrites are working from the same .htaccess). So firstly, I want to know is what I am trying to achieve definitely possible? If so, what is this process even called? Secondly, does this need to be handled using ProxyPass and then use a [P] flag with the rewrite rule? I assume the Apache server doesn't have mod_proxy enabled currently because when I add a [P] flag, the URL returns a 403 forbidden error with the full server path for the current URL. Please could anyone kindly advise what on earth I need to do to achieve this?

    Read the article

  • How to Exclude an URL for Apache Mod_proxy?

    - by Mughil
    We have two Apache server as front-end and 4 tomcat server as back-end configured using mod_proxy module as load balancer. Now, we want to exclude an single tomcat url from the mod_proxy load balancer. Is there any way or rule to exclude? Proxy Balancer Setting: <Proxy balancer://backend-cluster1> BalancerMember http://10.0.0.1:8080 loadfactor=1 route=test1 retry=10 BalancerMember http://10.0.0.2:8080 loadfactor=1 route=test2 retry=10 </Proxy>

    Read the article

  • Apache: Stealth 404 the admin area until authenticated via basic auth, then allow access

    - by Kzqai
    Given a administrative area with urls like this: wp-admin/ wp-admin/whatever wp-admin/another-page wp-adminsecretlogin/ A standard basic-auth coverage would provide a username and password prompt on all three urls, and return a 403 on all failed auth attempts. This is a pretty obvious signal that something exists there, and thus is an invitation to script/brute force access. I would like to instead, require basic auth everywhere, but when not authenticated, not prompt for username and password, and instead return a 404 not found error for all urls except a wp-adminsecretlogin/ url. At that individual-to-the-site url, basic auth could go through, and unlock the rest of the administrative functionality (though the standard application login would still be necessary). How would I do that via apache .htaccess or .conf directives?

    Read the article

  • RewriteRule causes POST data to get dumped before I can access it

    - by MatthewMcGovern
    I'm currently setting up my own 'webserver' (a Ubuntu Server on some old hardware) so I can have a mess around with PHP and get some experience managing a server. I'm using my own little MVC framework and I've hit a snag... In order for all requests to make it through the dispatcher, I am using: <Directory /var/www/> RewriteEngine On RewriteCond %{REQUEST_URI} !\.(png|jpg|jpeg|bmp|gif|css|js)$ [NC] RewriteRule . HomeProjects/index.php [L] </Directory> Which works great. I read on Stackoverflow to change the [L] to [P] to preserve post data. However, this causes every page to return: Not Found The requested URL <url> was not found on this server. So after some more searching, I found, "Note that you need to enable the proxy module, and the proxy_http_module in the config files for this to work." The problem is, I have no idea how to do this and everything I google has people using examples with virtual hosts and I don't know how to 'translate' that into something useful for my setup. I'm accessing my webserver via my public IP and forwarding traffic on port 80 to the web server (like I'm pretending I have a domain/server). How can I get this enabled/get post data working again? Edit: When I use the following, the server never responds and the page loads indefinately? LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so <Directory /var/www/> RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?82\.6\.150\.51/ [NC] RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /no-hotlink.png [L] RewriteCond %{REQUEST_URI} !\.(png|jpg|jpeg|bmp|gif|css|js)$ [NC] RewriteRule . HomeProjects/index.php [P] </Directory>

    Read the article

  • 502 errors with apache mod_proxy hot standby (or equivalent)

    - by 6million
    Anyone knows how to configure the hot standby (+H) mod_proxy feature so that the takeover occurs immediately (without even one user receiving a 502) error during a shutdown? We aren't looking for real load-balancing, we just want a secondary server to take over while we shutdown the primary. The problem is that whenever the primary goes down, I'm able to slip one invalid request resulting in a 502 HTTP error reaching the end user,before the secondary actually takes over. Listen 80 <VirtualHost 127.0.0.1:80> ServerName domain.com ProxyPass / balancer://balance/ <Proxy balancer://balance/> BalancerMember http://primary_ip:80 BalancerMember http://secondary_ip:80 status=+H </Proxy> </VirtualHost>

    Read the article

  • Auth succeeded No requires line available

    - by user286223
    Upgrading to Ubuntu 14.04 (and Apache2 2.4) server I can't use MySQL as htaccess; Before upgrading I was using MySQL as htaccess in the virtual host - worked nicely: <Directory /var/www/html/tilmelding/login> AuthBasicAuthoritative Off AuthUserFile /dev/null # begin auth_mysql configuration AuthMySQL On AuthMySQL_Host localhost AuthMySQL_User ********** AuthMySQL_Password ********* AuthMySQL_DB ********** AuthMySQL_Password_Table user_info AuthMySQL_Username_Field user_name AuthMySQL_Password_Field user_passwd AuthMySQL_Empty_Passwords Off AuthMySQL_Encryption_Types PHP_MD5 AuthMySQL_Authoritative AuthType Basic AuthName "auth_mysql test" Require valid-user After upgrade it didn’t work. In the logfile I got: [:debug] [pid 31333] mod_auth_mysql.c(1578): Constructing password collection query with passfield=[user_passwd], table=[user_info], userfield=[helgoland], where_clause=[] [:debug] [pid 31333] mod_auth_mysql.c(1410): sec->dbh in /var/www/html/tilmelding/login/ is [:debug] [pid 31333] mod_auth_mysql.c(1417): Ordinary query [:debug] [pid 31333] mod_auth_mysql.c(1434): Running query: [SELECT user_passwd FROM user_info WHERE user_name='helgoland'] [:debug] [pid 31333] mod_auth_mysql.c(1522): Checking with PHP_MD5 [:debug] [pid 31333] mod_auth_mysql.c(1524): Auth succeeded [:error] [pid 31333] No requires line available I am able to do the query from CLI and get an MD5 back. What have I missed ?

    Read the article

  • Apache forwarding without redirecting (application won't follow redirects)

    - by DrewVS
    Recently we had to move /task to /public/task, and I'd like to configure Apache to redirect accordingly. However, using mod_rewrite, though it works in the browser, seems to break applications making api calls to the above location. What happens is the application returns a page with the message saying the page was moved, but the app doesn't follow the redirect. So, is there a way to simply forward any traffic to /task to /public/task without 'redirecting', i.e, returning a redirect status code? EDIT: Here's a little more information. I've found a simple test to clarify what I'm trying to fix. Here is the URL path that needs forwarding: https://mydomain.com/task Needs to go to: https://mydomain.com/public/task If I use curl against the original domain, it just returns a redirect page notice. If I add the -L flag, which tells curl to follow redirects, it then follows the redirect successfully. I assume something very similar is happening in the application (which I don't have access to) that makes calls to the /task URL path. Since I cannot modify the application to make it follow redirects properly, I'm looking for a solution I can implement in Apache.

    Read the article

  • Glassfish JSF/EAR Apache 2.2 proxy_ajp_mod Referred Content Missing (images/links/etc)

    - by BillR
    Full disclosure: Since this seems to be more of a configuration issue, I deleted this from Stack (where it wasn't getting any response) and reposted here. The problem is how to change the requestContextPath served up by Glassfish behind mod_proxy_ajp. The site/app runs fine if connecting directly to Glassfish port 8080 which is ultimately not what I want to do. So I need help with configuration for my servers and jsf deployment. I can see the issue but don't know how to resolve it. It has to do with the requestContextPath. Simply put, Apache directs to http://mysite.com/welcome.xhtml which is correct and what I want, but the page is minus the images and styles. The issue is Glassfish itself is still pointing to http://mysite.com/myapp/*. So all links it serves in the app/site still refer via the requestContextPath. That is the /myapp/* part of http://mysite.com/myapp/welcome.xhtml. When I look in the page source, images which are referred to with relative links still point to the requestContextPath (that is, /myapp/). This is fixable but a real pain. However with page links I can't set the relative path. If I hover over the contact page link I see http://mysite.com/myapp/contact.xhtml, and if I click it, I get 404. You can see the /myapp/ context path in the page source as well. If I type in the URL http://mysite.com/contact.xhtml I get the page minus its referred links (requestContextPath). On Apache ProxyPass / ajp://littlewalterserver:8009/myapp-web/ ProxyPassReverse / ajp://littlewalterserver:8009/myapp_Project-web On Glassfish asadmin create-network-listener --listenerport 8009 --protocol http-listener-1 --jkenabled true jk-connector I have tried going in to Glassfish and setting the web app as the default web app. I have changed the / in glassfish-web.xml (and checked to make sure it was the same in the EAR file). How can I get Glassfish to not include the /myapp/ context in the URLs? This has to be easy if you know how, but I don't know how, can someone help out here? Thanks.

    Read the article

  • PHP mod rewrite .htaccess file godaddy.com question

    - by max
    I'm new to PHP and i was trying to learn mod rewrite to rewrite my URLs i use godaddy as my hosting company and they say to add the desired code to the body of your .htaccess file how do I mod rewrite my URLs and add it to my .htaccess file? Can some one give me an example of how to do this as well as point me to a good tutorial and or book on how to mod rewrite my URLs?

    Read the article

  • hello-1.mod.c:14: warning: missing initializer (near initialization for '__this_module.arch.unw_sec_init')

    - by Sompom
    I am trying to write a module for an sbc1651. Since the device is ARM, this requires a cross-compile. As a start, I am trying to compile the "Hello Kernel" module found here. This compiles fine on my x86 development system, but when I try to cross-compile I get the below error. /home/developer/HelloKernel/hello-1.mod.c:14: warning: missing initializer /home/developer/HelloKernel/hello-1.mod.c:14: warning: (near initialization for '__this_module.arch.unw_sec_init') Since this is in the .mod.c file, which is autogenerated I have no idea what's going on. The mod.c file seems to be generated by the module.h file. As far as I can tell, the relevant parts are the same between my x86 system's module.h and the arm kernel header's module.h. Adding to my confusion, this problem is either not googleable (by me...) or hasn't happened to anyone before. Or I'm just doing something clueless that anyone with any sense wouldn't do. The cross-compiler I'm using was supplied by Freescale (I think). I suppose it could be a problem with the compiler. Would it be worth trying to build the toolchain myself? Obviously, since this is a warning, I could ignore it, but since it's so strange, I am worried about it, and would like to at least know the cause... Thanks very much, Sompom Here are the source files hello-1.mod.c #include <linux/module.h> #include <linux/vermagic.h> #include <linux/compiler.h> MODULE_INFO(vermagic, VERMAGIC_STRING); struct module __this_module __attribute__((section(".gnu.linkonce.this_module"))) = { .name = KBUILD_MODNAME, .init = init_module, #ifdef CONFIG_MODULE_UNLOAD .exit = cleanup_module, #endif .arch = MODULE_ARCH_INIT, }; static const struct modversion_info ____versions[] __used __attribute__((section("__versions"))) = { { 0x3972220f, "module_layout" }, { 0xefd6cf06, "__aeabi_unwind_cpp_pr0" }, { 0xea147363, "printk" }, }; static const char __module_depends[] __used __attribute__((section(".modinfo"))) = "depends="; hello-1.c (modified slightly from the given link) /* hello-1.c - The simplest kernel module. * * Copyright (C) 2001 by Peter Jay Salzman * * 08/02/2006 - Updated by Rodrigo Rubira Branco <[email protected]> */ /* Kernel Programming */ #ifndef MODULE #define MODULE #endif #ifndef LINUX #define LINUX #endif #ifndef __KERNEL__ #define __KERNEL__ #endif #include <linux/module.h> /* Needed by all modules */ #include <linux/kernel.h> /* Needed for KERN_ALERT */ static int hello_init_module(void) { printk(KERN_ALERT "Hello world 1.\n"); /* A non 0 return means init_module failed; module can't be loaded.*/ return 0; } static void hello_cleanup_module(void) { printk(KERN_ALERT "Goodbye world 1.\n"); } module_init(hello_init_module); module_exit(hello_cleanup_module); MODULE_LICENSE("GPL"); Makefile export ARCH:=arm export CCPREFIX:=/opt/freescale/usr/local/gcc-4.4.4-glibc-2.11.1-multilib-1.0/arm-fsl-linux-gnueabi/bin/arm-linux- export CROSS_COMPILE:=${CCPREFIX} TARGET := hello-1 WARN := -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-sign-compare -Wno-unused -Werror UNUSED_FLAGS := -std=c99 -pedantic EXTRA_CFLAGS := -O2 -DMODULE -D__KERNEL__ ${WARN} ${INCLUDE} KDIR ?= /home/developer/src/ltib-microsys/ltib/rpm/BUILD/linux-2.6.35.3 ifneq ($(KERNELRELEASE),) # kbuild part of makefile obj-m := $(TARGET).o else # normal makefile default: clean $(MAKE) -C $(KDIR) M=$$PWD .PHONY: clean clean: -rm built-in.o -rm $(TARGET).ko -rm $(TARGET).ko.unsigned -rm $(TARGET).mod.c -rm $(TARGET).mod.o -rm $(TARGET).o -rm modules.order -rm Module.symvers endif

    Read the article

  • How do you calculate div and mod of floating point numbers?

    - by boost
    In Perl, the % operator seems to assume integers. For instance: sub foo { my $n1 = shift; my $n2 = shift; print "perl's mod=" . $n1 % $n2, "\n"; my $res = $n1 / $n2; my $t = int($res); print "my div=$t", "\n"; $res = $res - $t; $res = $res * $n2; print "my mod=" . $res . "\n\n"; } foo( 3044.952963, 7.1 ); foo( 3044.952963, -7.1 ); foo( -3044.952963, 7.1 ); foo( -3044.952963, -7.1 ); gives perl's mod=6 my div=428 my mod=6.15296300000033 perl's mod=-1 my div=-428 my mod=6.15296300000033 perl's mod=1 my div=-428 my mod=-6.15296300000033 perl's mod=-6 my div=428 my mod=-6.15296300000033 Now as you can see, I've come up with a "solution" already for calculating div and mod. However, what I don't understand is what effect the sign of each argument should have on the result. Wouldn't the div always be positive, being the number of times n2 fits into n1? How's the arithmetic supposed to work in this situation?

    Read the article

  • Any Suggestions on How to Soup Up/ Mod a MacBook Pro 13"?

    - by 5arx
    So I've got a mid-2009 MacBook Pro 13". Integrated GPU so not a games machine but fast enough for doing .Net development in VMs. I love the little thing and wanted to give it a Christmas present so thought I'd mod it up a bit and give it a boost. I'm probably going to go for a 500GB Seagate Momentus XT hybrid drive rather than full-on SSD (I need 500GB space) but was wondering if there are any other mods/tweaks people could suggest? I saw something online about swapping a HDD for the DVD drive and wondered if anyone had tried this or similarly drastic mods to the smallest of the MBPs. Cheers.

    Read the article

  • Are random packets normal?

    - by TheLQ
    About a month ago on one of my servers I started receiving random packets from IPs all over the world. So I did the smart thing and stopped putting off installing an IDS. This IDS is a ClearOS Gateway which comes with Snort and SnortSam. I enabled it, checked There is a total of 4 ports open, two of which forward to the server I'm talking about. These ports are 3724 and 8085, so they aren't going to be easily detected in a port scan. However checking some logs of this server I found that the attack is resuming. I found this ... Accepting connection from '75.166.155.122' [Auth] got unknown packet from '75.166.155.122' Accepting connection from '98.164.154.93' [Auth] got unknown packet from '98.164.154.93' Ping MySQL to keep connection alive Accepting connection from '70.241.195.129' [Auth] got unknown packet from '70.241.195.129' Accepting connection from '67.182.229.169' [Auth] got unknown packet from '67.182.229.169' Accepting connection from '69.137.140.38' [Auth] got unknown packet from '69.137.140.38' Accepting connection from '76.31.72.55' [Auth] got unknown packet from '76.31.72.55' Accepting connection from '97.88.139.39' [Auth] got unknown packet from '97.88.139.39' Accepting connection from '173.35.62.112' [Auth] got unknown packet from '173.35.62.112' Accepting connection from '187.15.10.73' [Auth] got unknown packet from '187.15.10.73' Accepting connection from '66.66.94.124' [Auth] got unknown packet from '66.66.94.124' Accepting connection from '75.159.219.124' [Auth] got unknown packet from '75.159.219.124' Accepting connection from '99.102.100.82' [Auth] got unknown packet from '99.102.100.82' Accepting connection from '24.128.240.45' [Auth] got unknown packet from '24.128.240.45' Accepting connection from '99.231.7.39' [Auth] got unknown packet from '99.231.7.39' Accepting connection from '206.255.79.56' [Auth] got unknown packet from '206.255.79.56' Accepting connection from '68.97.106.235' [Auth] got unknown packet from '68.97.106.235' Accepting connection from '69.134.67.251' [Auth] got unknown packet from '69.134.67.251' Accepting connection from '63.228.138.186' [Auth] got unknown packet from '63.228.138.186' Accepting connection from '184.39.146.193' [Auth] got unknown packet from '184.39.146.193' Accepting connection from '69.171.161.102' [Auth] got unknown packet from '69.171.161.102' Accepting connection from '76.0.47.228' [Auth] got unknown packet from '76.0.47.228' Ping MySQL to keep connection alive Accepting connection from '126.112.201.14' [Auth] got unknown packet from '126.112.201.14' Ping MySQL to keep connection alive Now that scares me. Why isn't Snort detecting this? How were they able to find this specific port? More importantly, what normally would these packets contain? Is this something I should be worried about? How can I stop this?

    Read the article

  • Insufficient permissions when calling flickr.auth.oauth.checkToken

    - by Designer 17
    This is a follow up on another question I had asked on stackoverflow a day or so ago. I'm working on trying to call flickr.people.getPhotos... but no matter what I do I keep getting this... jsonFlickrApi({"stat":"fail", "code":99, "message":"Insufficient permissions. Method requires read privileges; none granted."}); but if you were to look at my "Apps You're Using" page (on flickr) you'd see this. So, even though I've authorized the max permissions... flickr says I don't have any granted!? I even used flickr.auth.oauth.checkToken to double check that my access token was right, this was the value returned; jsonFlickrApi({"oauth":{"token":{"_content":"my-access-token"}, "perms":{"_content":"delete"}, "user":{"nsid":"my-user-nsid", "username":"designerseventeen", "fullname":"Designer Seventeen"}}, "stat":"ok"}) Here's how I'm attempting to call flickr.people.getPhotos... <?php // Attempt to call flickr.people.getPhotos $method = "flickr.people.getPhotos"; $format = 'json'; $nsid = 'my-user-nsid'; $sig_string = "{$api_secret}api_key{$api_key}format{$format}method{$method}user_id{$nsid}"; $api_sig = md5( $sig_string ); $flickr_call = "http://api.flickr.com/services/rest/?"; $url = "method=" . $method; $url .= "&api_key=" . $api_key; $url .= "&user_id=" . $nsid; $url .= "&format=" . $format; $url .= "&api_sig=" . $api_sig; $url = $flickr_call . $url; $results = file_get_contents( $url ); $rsp_arr = explode( '&',$results ); print "<pre>"; print_r($rsp_arr); print "</pre>"; I am officially stumped... and in need of help. Thanks!

    Read the article

  • auth component issue

    - by madphp
    Im trying to get my admin routing working with the auth component. I want the following routing to work. Router::connect('/admin', array('controller' => 'pages', 'action' => 'index', 'admin' => true)); but when i type in /admin it redirects to /admin/users/login and display this error. Create UsersController::admin_login() in file: cms.local/controllers/users_controller.php here is my app_controller code. class AppController extends Controller { var $components = array('DebugKit.Toolbar','Auth','Session'); function beforeFilter(){ //Set up Auth Component $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'admin_index'); $this->Auth->allow('display'); } } users_controller <?php class UsersController extends AppController { var $name = 'Users'; function login(){ } function admin_logout(){ $this->Session->destroy(); $this->redirect($this->Auth->logout()); } } ?> If you require more information let me know. Thanks

    Read the article

  • Grant a user access to directories shared by root (mod: 770)

    - by Paul Dinham
    I want to grant a user (username: paul) access to all directories shared by root with mod 770. I do it this way: groups root (here comes a list of groups in which root user is) usermod -a -G group1 paul usermod -a -G group2 paul usermod -a -G group3 paul ... All the 'group1', 'group2', 'group3' are seen in the group list of root user. However, after adding 'paul' to all groups above, he still can not write to directories shared by root user with mod 770. Did I do it wrongly?

    Read the article

  • Excel: ROUND & MOD giving me strange DATE results

    - by Mike
    This is sort of related to a previous question. My formula, which seemed to work fine yesterday now gives strange results. Today is the 30th of March (30/03/10). It's 10:11am on the clock that the computer is using for the time stamp in the NOW() part of my worksheet. Below is the formula and a screen shot of the results/columns. QUESTION: Why ddoes it show 1/2 day, and also where does 23 1/2 come from? The NOW() is in a hidden column (F2)...which I forgot to unhide before I took the screen shot. =IF(ISBLANK(I2),ROUND(MOD(H2-F2,24),2),ROUND(MOD(I2-F2,24),2)) Thanks Mike

    Read the article

  • Auth-Type :- Reject in RADIUS users file matches inner tunnel request but sends Access-Accept

    - by mgorven
    I have WPA2 802.11x EAP authentication setup using FreeRADIUS 2.1.8 on Ubuntu 10.04.4 talking to OpenLDAP, and can successfully authenticate using PEAP/MSCHAPv2, TTLS/MSCHAPv2 and TTLS/PAP (both via the AP and using eapol_test). I am now trying to restrict access to specific SSIDs based on the LDAP groups which the user belongs to. I have configured group membership checking in /etc/freeradius/modules/ldap like so: groupname_attribute = cn groupmembership_filter = "(|(&(objectClass=posixGroup)(memberUid=%{User-Name}))(&(objectClass=posixGroup)(uniquemember=%{User-Name})))" and I have configured extraction of the SSID from Called-Station-Id into Called-Station-SSID based on the Mac Auth wiki page. In /etc/freeradius/eap.conf I have enabled copying attributes from the outer tunnel into the inner tunnel, and usage of the inner tunnel response in the outer tunnel (for both PEAP and TTLS). I had the same behaviour before changing these options however. copy_request_to_tunnel = yes use_tunneled_reply = yes I'm running eapol_test like this to test the setup: eapol_test -c peap-mschapv2.conf -a 172.16.0.16 -s testing123 -N 30:s:01-23-45-67-89-01:Example-EAP with the following peap-mschapv2.conf file: network={ ssid="Example-EAP" key_mgmt=WPA-EAP eap=PEAP identity="mgorven" anonymous_identity="anonymous" password="foobar" phase2="autheap=MSCHAPV2" } With the following in /etc/freeradius/users: DEFAULT Ldap-Group == "employees" and running freeradius-Xx, I can see that the LDAP group retrieval works, and that the SSID is extracted. Debug: [ldap] performing search in dc=example,dc=com, with filter (&(cn=employees)(|(&(objectClass=posixGroup)(memberUid=mgorven))(&(objectClass=posixGroup)(uniquemember=mgorven)))) Debug: rlm_ldap::ldap_groupcmp: User found in group employees ... Info: expand: %{7} -> Example-EAP Next I try to only allow access to users in the employees group (regardless of SSID), so I put the following in /etc/freeradius/users: DEFAULT Ldap-Group == "employees" DEFAULT Auth-Type := Reject But this immediately rejects the Access-Request in the outer tunnel because the anonymous user is not in the employees group. So I modify it to only match inner tunnel requests like so: DEFAULT Ldap-Group == "employees" DEFAULT FreeRADIUS-Proxied-To == "127.0.0.1" Auth-Type := Reject, Reply-Message = "User does not belong to any groups which may access this SSID." Now users which are in the employees group are authenticated, but so are users which are not in the employees group. I see the reject entry being matched, and the Reply-Message is set, but the client receives an Access-Accept. Debug: rlm_ldap::ldap_groupcmp: Group employees not found or user is not a member. Info: [files] users: Matched entry DEFAULT at line 209 Info: ++[files] returns ok ... Auth: Login OK: [mgorven] (from client test port 0 cli 02-00-00-00-00-01 via TLS tunnel) Info: WARNING: Empty section. Using default return values. ... Info: [peap] Got tunneled reply code 2 Auth-Type := Reject Reply-Message = "User does not belong to any groups which may access this SSID." ... Info: [peap] Got tunneled reply RADIUS code 2 Auth-Type := Reject Reply-Message = "User does not belong to any groups which may access this SSID." ... Info: [peap] Tunneled authentication was successful. Info: [peap] SUCCESS Info: [peap] Saving tunneled attributes for later ... Sending Access-Accept of id 11 to 172.16.2.44 port 60746 Reply-Message = "User does not belong to any groups which may access this SSID." User-Name = "mgorven" and eapol_test reports: RADIUS message: code=2 (Access-Accept) identifier=11 length=233 Attribute 18 (Reply-Message) length=64 Value: 'User does not belong to any groups which may access this SSID.' Attribute 1 (User-Name) length=9 Value: 'mgorven' ... SUCCESS Why isn't the request being rejected, and is this the right way to implement this?

    Read the article

  • How to grant su access to wheel without asking for password on FreeBSD?

    - by cstamas
    I would like to grant users of the wheel group (other sysadmins) su access without being asked for password. I know how to do it with pam in linux, but the question now is for FreeBSD. I am not familiar with the syntax for FreeBSD's PAM subsystem. What shall I enter in /etc/pam.d/su instead of the default: auth sufficient pam_rootok.so no_warn auth sufficient pam_self.so no_warn auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser auth include system # account account include system # session session required pam_permit.so

    Read the article

  • How to use cURL to FTPS upload to SecureTransport (hint: SITE AUTH and client certificates)

    - by Seamus Abshere
    I'm trying to connect to SecureTransport 4.5.1 via FTPS using curl compiled with gnutls. You need to use --ftp-alternative-to-user "SITE AUTH" per http://curl.haxx.se/mail/lib-2006-07/0068.html Do you see anything wrong with my client certificates? I try with # mycert.crt -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- # mykey.pem -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- And it says "530 No client certificate presented": myuser@myserver ~ $ curl -v --ftp-ssl --cert mycert.crt --key mykey.pem --ftp-alternative-to-user "SITE AUTH" -T helloworld.txt ftp://ftp.example.com:9876/upload/ * About to connect() to ftp.example.com port 9876 (#0) * Trying 1.2.3.4... connected * Connected to ftp.example.com (1.2.3.4) port 9876 (#0) < 220 msn1 FTP server (SecureTransport 4.5.1) ready. > AUTH SSL < 334 SSLv23/TLSv1 * found 142 certificates in /etc/ssl/certs/ca-certificates.crt > USER anonymous < 331 Password required for anonymous. > PASS [email protected] < 530 Login incorrect. > SITE AUTH < 530 No client certificate presented. * Access denied: 530 * Closing connection #0 curl: (67) Access denied: 530 I also tried with a pk8 version... # openssl pkcs8 -in mykey.pem -topk8 -nocrypt > mykey.pk8 -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ...but got exactly the same result. What's the trick to sending a client certificate to SecureTransport?

    Read the article

  • Why is squid breaking kerberos/NTLM auth?

    - by DonEstefan
    I'm using squid 2.6.22 (Centos 5 Default) as a proxy. Squid seems to break the authentication process for web pages when they require NTLM or Kerberos Auth. I tested with sharepoint 2007 and tried all 3 authentication methods (NTLM, Kerberos, Basic). Accessing the site without squid works in all cases. When I access the same page with squid, then only basic-auth works. Using IE or Firefox desn't make any difference. Squid itself can be used by anybody (no auth_param configured). Its a bit tricky to find solutions online, since most of the topics whirl around auth_param for authenticating users to squid rather than authenticating users to a webpage behind squid. Could anyone help? Edit: Sorry, but my first test was totally screwed up. I tested against the wrong webservers (Memo to myself: always check assumptions before testing). Now I realized that the problem scenario is completely different. Kerberos work for IE Kerberos works for Firefox (after changing "network.negotiate-auth.trusted-uris" in about:config) NTLM works for IE NTLM does NOT work in Firefox (even after changing "network.automatic-ntlm-auth.trusted-uris" in about:config) By the way: The feature that provides NTLM-passthrough in squid is called "connection pinning" and the HTTP header "Proxy-support: Session-based-authentication""

    Read the article

  • Installing Mod-wsgi 3.3 for apache 2.2 and python 3.2

    - by aaronasterling
    I am attempting to install Mod-wsgi 3.3 on an ubuntu 11.10 desktop edition with apache 2.2 and python 3.2 I downloaded the source tarball and extracted it. I configured it using the --with-python=/usr/bin/python3 option to configure. This is the only copy of python3 that I have installed. I then issued the commands make and sudo make install. I attempted to restart apache using sudo /etc/init.d/apache2 restart and get the following error message: apache2: Syntax error on line 203 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/wsgi.load: Cannot load /usr/lib/apache2/modules /mod_wsgi.so into server: /usr/lib/apache2/modules/mod_wsgi.so: undefined symbol: PyCObject_FromVoidPtr Action 'configtest' failed. The Apache error log may have more information. ...fail! The error logs only inform us that it's a segfault: ` I checked to make sure that it's linked against the right python library with ldd mod_wsgi.so and got the output linux-gate.so.1 => (0x00d66000) libpython3.2mu.so.1.0 => /usr/lib/libpython3.2mu.so.1.0 (0x0065b000) libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0x00a20000) libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0x00110000) libssl.so.1.0.0 => /lib/i386-linux-gnu/libssl.so.1.0.0 (0x0028c000) libcrypto.so.1.0.0 => /lib/i386-linux-gnu/libcrypto.so.1.0.0 (0x0044c000) libffi.so.6 => /usr/lib/i386-linux-gnu/libffi.so.6 (0x002d9000) libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0x00eb3000) libexpat.so.1 => /lib/i386-linux-gnu/libexpat.so.1 (0x00abe000) libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0x002e0000) libutil.so.1 => /lib/i386-linux-gnu/libutil.so.1 (0x00c47000) libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0x00e24000) /lib/ld-linux.so.2 (0x0042c000) It seems to be linking against the python3 library so I'm not sure what the issue is. I have read on another question that mod-python can present problems however it was never installed. I saw that the directive WSGIPythonHome can be used to point to the correct python version and created a directory /usr/bin/apache2-python/ with a link named python and python3(the name I passed to the configure script) to /usr/bin/python3 This results in the same error. So I'm pretty sure it's using the correct version of python. I am now at a loss. Thanks in advance for any help. update Using the version from the repository I get the following log when I attempt to request a page: [Wed Mar 21 13:21:11 2012] [notice] child pid 5567 exit signal Aborted (6) Fatal Python error: Py_Initialize: Unable to get the locale encoding LookupError: no codec search functions registered: can't find encoding [Wed Mar 21 13:21:13 2012] [notice] child pid 5568 exit signal Aborted (6) Fatal Python error: Py_Initialize: Unable to get the locale encoding LookupError: no codec search functions registered: can't find encoding [Wed Mar 21 13:21:14 2012] [notice] caught SIGTERM, shutting down If I comment out the instruction to load mod-wsgi, the page serves normally.

    Read the article

  • what service to restart for /var/log/auth.log to start

    - by Bond
    Here is a situation since the log files on my server had grown to several Gigabytes I took a backup of directory /var/log and then manually when to each subdirectory of /var/log and the files which were big in size I did cat > /var/log/file_which_is_big press 2 times enter key (basically over wrote those files with a blank space) and then Ctrl+C So basically I over wrote those files to be blank. Now when I open /var/log/auth.log I don't see any entry (which is expected also since I over wrote) but when I exit the SSH session and login again then also I do not see any entry in auth.log is there any way other than rebooting the machine to make sure I keep getting the entries in /var/log/auth.log I am not sure which service writes in this file. This is a Ubuntu 10.04 server.

    Read the article

  • Django auth without "auth_*" tables

    - by Travis Jensen
    We would like to use our own tables for user management instead of the Django "auth" tables. We already have database tables that include all of the relevant information our application needs but it isn't in the Django format. We would prefer not to have the information duplicated in two tables. We would like to utilize the auth package, though, as there is some very nice functionality that we don't want to replicate. I realize we could build our own auth backend, but that doesn't, as far as I can tell, remove the need for two sets of tables in this case. Am I correct in assuming that we cannot do this? I have found no docs that discuss how to modify the underlying model that the auth package is using. The backend simply pre-populates the user object that would eventually be saved in the auth tables. Thanks!

    Read the article

  • Apache and multiple tomcats proxy

    - by Sebb77
    I have 1 apache server and two tomcat servers with two different applications. I want to use the apache as a proxy so that the user can access the application from the same url using different paths. e.g.: localhost/app1 --> localhost:8080/app1 localhost/app2 --> localhost:8181/app2 I tried all 3 mod proxy of apache (mod_jk, mod_proxy_http and mod_proxy_ajp) but the first application is working, whilst the second is not accessible. This is the apache configuration I'm using: ProxyPassMatch ^(/.*\.gif)$ ! ProxyPassMatch ^(/.*\.css)$ ! ProxyPassMatch ^(/.*\.png)$ ! ProxyPassMatch ^(/.*\.js)$ ! ProxyPassMatch ^(/.*\.jpeg)$ ! ProxyPassMatch ^(/.*\.jpg)$ ! ProxyRequests Off ProxyPass /app1 ajp://localhost:8009/ ProxyPassReverse /app1 ajp://localhost:8009/ ProxyPass /app2 ajp://localhost:8909/ ProxyPassReverse /app2 ajp://localhost:8909/ With the above, I manage to view the tomcat root application using localhost/app1, but I get "Service Temporarily Unavailable" (apache error) when accessing app2. I need to keep the tomcat servers separate because I need to restart one of the applications often and it is not an option to save both apps on the same tomcat. Can someone point me out what I'm doing wrong? Thank you all.

    Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >