Search Results

Search found 3366 results on 135 pages for 'openvpn auth ldap'.

Page 9/135 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

• openvpn restriction

  - by zubin71

  hi, ive set up an openvpn server at my place and handed out a certificate to a client who has an openvpn client at his place. however i require that he should be able to connect to the vpn server only from one ip(his current one). how can i do this?

  Read the article

• Client unable to reach Internet through OpenVPN

  - by Carroarmato0

  The clients can all connect through OpenVPN. OpenVPN serves the following pool: server 10.8.0.0 255.255.255.0 I've configured the server's iptable with the following rule: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE and echo 1 /proc/sys/net/ipv4/ip_forward This used to work back on the old vps I used. Now I've migrated to a vps which has ipv6 connectivity. Is it possible that Ipv6 has something to do with the fact that the clients can't reach the internet?

  Read the article

• Openvpn multiple subnet invisble to each other

  - by VimManiac

  I want to setup openvpn in such a way that i can place clients in different groups and give each group a private subnet (push the addresses to clients when they connect to the openvpn server) where they are visible to each other but not to the clients on other subnets. How do i proceed? Thanks.

  Read the article

• Connecting a LAN to an OpenVPN server via a windows 7 client gateway

  - by user705142

  I've got OpenVPN set up between my windows 7 client and linux server. The goal is that I'll get secure access to a webapp running on the server from any computer on the client LAN. I'm using ccd to assign static ip addresses to each client connection, with key authentication. It's working on my client machine (10.83.41.9), and when you go to the gateway IP address (10.83.41.1), it loads up the webapp. Now I really need the other computers on the client LAN to be able to connect to the webapp as well, via the windows machine. The client has a static IP address of 192.168.2.100 on the LAN, and I've enabled IP forwarding in windows (confirmed by ipconfig /all). In my router I've forwarded 10.83.41.1 / 255.255.255.255 to 192.168.2.100. In server.conf I have.. route 192.168.2.0 255.255.255.0 And in the office ccd.. ifconfig-push 10.83.41.9 10.83.41.10 iroute 192.168.2.0 255.255.255.0 The client log is as follows: Thu Mar 15 20:19:56 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011 Thu Mar 15 20:19:56 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Thu Mar 15 20:19:56 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Thu Mar 15 20:19:56 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 LZO compression initialized Thu Mar 15 20:19:56 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ] Thu Mar 15 20:19:56 2012 Socket Buffers: R=[8192->8192] S=[64512->64512] Thu Mar 15 20:19:56 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Thu Mar 15 20:19:56 2012 Local Options hash (VER=V4): '9e7066d2' Thu Mar 15 20:19:56 2012 Expected Remote Options hash (VER=V4): '162b04de' Thu Mar 15 20:19:56 2012 UDPv4 link local: [undef] Thu Mar 15 20:19:56 2012 UDPv4 link remote: 111.65.224.202:1194 Thu Mar 15 20:19:56 2012 TLS: Initial packet from 111.65.224.202:1194, sid=ceb04c22 8cc6d151 Thu Mar 15 20:19:56 2012 VERIFY OK: depth=1, /C=NZ/O=XXX./CN=XXX Thu Mar 15 20:19:56 2012 VERIFY OK: nsCertType=SERVER Thu Mar 15 20:19:56 2012 VERIFY OK: depth=0, /C=NZ/O=XXX./CN=XXX Thu Mar 15 20:19:56 2012 Replay-window backtrack occurred [1] Thu Mar 15 20:19:56 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Mar 15 20:19:56 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Mar 15 20:19:56 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Thu Mar 15 20:19:56 2012 [server] Peer Connection Initiated with 111.65.224.202:1194 Thu Mar 15 20:19:58 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Thu Mar 15 20:19:59 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.83.41.1,topology net30,ping 10,ping-restart 120,ifconfig 10.83.41.9 10.83.41.10' Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: timers and/or timeouts modified Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: --ifconfig/up options modified Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: route options modified Thu Mar 15 20:19:59 2012 ROUTE default_gateway=192.168.2.1 Thu Mar 15 20:19:59 2012 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{B32D85C9-1942-42E2-80BA-7E0B5BB5185F}.tap Thu Mar 15 20:19:59 2012 TAP-Win32 Driver Version 9.9 Thu Mar 15 20:19:59 2012 TAP-Win32 MTU=1500 Thu Mar 15 20:19:59 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.83.41.9/255.255.255.252 on interface {B32D85C9-1942-42E2-80BA-7E0B5BB5185F} [DHCP-serv: 10.83.41.10, lease-time: 31536000] Thu Mar 15 20:19:59 2012 Successful ARP Flush on interface [45] {B32D85C9-1942-42E2-80BA-7E0B5BB5185F} Thu Mar 15 20:20:04 2012 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up Thu Mar 15 20:20:04 2012 C:\WINDOWS\system32\route.exe ADD 10.83.41.1 MASK 255.255.255.255 10.83.41.10 Thu Mar 15 20:20:04 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Thu Mar 15 20:20:04 2012 Route addition via IPAPI succeeded [adaptive] Thu Mar 15 20:20:04 2012 Initialization Sequence Completed From the other machines I can ping 192.169.2.100, but not 10.83.41.1. In the how-to, it mentions "Make sure your network interface is in promiscuous mode." as well. I can't find in the windows network config, so this may or may not be part of it. Ideally this would be achieved without any special configuration the other LAN computers. Not sure how far I'm going to get on my own at this point, any ideas? Is there something I'm missing, or anything I should need to know?

  Read the article

• 4in6 tunneling (via OpenVPN?)

  - by Deshene

  I have a local network with internet access. But unfortunately IPv4 internet connection speed is limited to 1mbps, which is realy sad. Fortunately I have a native IPv6, and there is no connection speed limit over IPv6. So, in order to get a good internet connection I made a plan: connect to the VPN-service over IPv6, and pass all IPv4 traffic through IPv6 tunnel, or something like that, I think you get the idea. I suggested to use service like HideMyAss.com, but unfortunately they don't support IPv6. The question is: Is there any existing VPN service that will make my dreams come true, and is easy to use, which I could connect over PPTP or OpenVPN (I want to set up connection to VPN in my router settings). Edit: It seems like there are couple of VPN services that supports IPv6 (it's odd, but the biggest VPN services support only IPv4), and there is none providing 4in6 tunnels. So, I came to the following solution: rent a VPS with IPv6 address, and manually setup 4in6 tunnel. I'm not good at networking, never did things like that, and don't know where to start, and what should I do. The use case, as I undestand, should look like this: I connect from my home computer to the VPS via OpenVPN, and after that all my IPv4 traffic pass through IPv6 (server do the job). OpenVPN - because I want to configure VPN connection to server in my router (Asus RT-N16?). How can I achieve this?

  Read the article

• Cross domain LDAP

  - by Adam

  For a system we are developing we have 2 domains an internal and an external domain with bi directional trust between them. However the servers are only able to connect to their own DC's. We have an application server on the internal domain which needs to use an LDAP query to gather a list of users from a group on the external domain. How do i go about writing an LDAP query that asks one DC to go ask another DC for a list of users. I tried querying the internal DC with the same LDAP query I would use if it could hit the external DC directly but this does not work. When i use Softerra LDAP Administraor I can view the full hierarchy of the interal domain but despite the trust relationship between domains i am unable to see any of the external doamin. Any suggestions or help would be greatly appreciated

  Read the article

• Debian + ProFTPD + LDAP Incorrect Password Issue

  - by Tristan Hall

  I have the LDAP configuration configured for ProFTPD and I have modified the modules.conf file to include the LDAP module. However, every time I login with FileZilla I get 530 Login Incorrect. It does this for all users except those whose passwords are defined locally as well as in LDAP. The exact same setup works fine on my CentOS server and I've already tried re-installing it after purging the configuration files.

  Read the article

• Redundant OpenVPN connections with advanced Linux routing over an unreliable network

  - by konrad

  I am currently living in a country that blocks many websites and has unreliable network connections to the outside world. I have two OpenVPN endpoints (say: vpn1 and vpn2) on Linux servers that I use to circumvent the firewall. I have full access to these servers. This works quite well, except for the high package loss on my VPN connections. This packet loss varies between 1% and 30% depending on time and seems to have a low correlation, most of the time it seems random. I am thinking about setting up a home router (also on Linux) that maintains OpenVPN connections to both endpoints and sends all packets twice, to both endpoints. vpn2 would send all packets from home to vpn1. Return trafic would be send both directly from vpn1 to home, and also through vpn2. +------------+ | home | +------------+ | | | OpenVPN | | links | | | ~~~~~~~~~~~~~~~~~~ unreliable connection | | +----------+ +----------+ | vpn1 |---| vpn2 | +----------+ +----------+ | +------------+ | HTTP proxy | +------------+ | (internet) For clarity: all packets between home and the HTTP proxy will be duplicated and sent over different paths, to increase the chances one of them will arrive. If both arrive, the first second one can be silently discarded. Bandwidth usage is not an issue, both on the home side and endpoint side. vpn1 and vpn2 are close to each other (3ms ping) and have a reliable connection. Any pointers on how this could be achieved using the advanced routing policies available in Linux?

  Read the article

• Auth-Type :- Reject in RADIUS users file matches inner tunnel request but sends Access-Accept

  - by mgorven

  I have WPA2 802.11x EAP authentication setup using FreeRADIUS 2.1.8 on Ubuntu 10.04.4 talking to OpenLDAP, and can successfully authenticate using PEAP/MSCHAPv2, TTLS/MSCHAPv2 and TTLS/PAP (both via the AP and using eapol_test). I am now trying to restrict access to specific SSIDs based on the LDAP groups which the user belongs to. I have configured group membership checking in /etc/freeradius/modules/ldap like so: groupname_attribute = cn groupmembership_filter = "(|(&(objectClass=posixGroup)(memberUid=%{User-Name}))(&(objectClass=posixGroup)(uniquemember=%{User-Name})))" and I have configured extraction of the SSID from Called-Station-Id into Called-Station-SSID based on the Mac Auth wiki page. In /etc/freeradius/eap.conf I have enabled copying attributes from the outer tunnel into the inner tunnel, and usage of the inner tunnel response in the outer tunnel (for both PEAP and TTLS). I had the same behaviour before changing these options however. copy_request_to_tunnel = yes use_tunneled_reply = yes I'm running eapol_test like this to test the setup: eapol_test -c peap-mschapv2.conf -a 172.16.0.16 -s testing123 -N 30:s:01-23-45-67-89-01:Example-EAP with the following peap-mschapv2.conf file: network={ ssid="Example-EAP" key_mgmt=WPA-EAP eap=PEAP identity="mgorven" anonymous_identity="anonymous" password="foobar" phase2="autheap=MSCHAPV2" } With the following in /etc/freeradius/users: DEFAULT Ldap-Group == "employees" and running freeradius-Xx, I can see that the LDAP group retrieval works, and that the SSID is extracted. Debug: [ldap] performing search in dc=example,dc=com, with filter (&(cn=employees)(|(&(objectClass=posixGroup)(memberUid=mgorven))(&(objectClass=posixGroup)(uniquemember=mgorven)))) Debug: rlm_ldap::ldap_groupcmp: User found in group employees ... Info: expand: %{7} -> Example-EAP Next I try to only allow access to users in the employees group (regardless of SSID), so I put the following in /etc/freeradius/users: DEFAULT Ldap-Group == "employees" DEFAULT Auth-Type := Reject But this immediately rejects the Access-Request in the outer tunnel because the anonymous user is not in the employees group. So I modify it to only match inner tunnel requests like so: DEFAULT Ldap-Group == "employees" DEFAULT FreeRADIUS-Proxied-To == "127.0.0.1" Auth-Type := Reject, Reply-Message = "User does not belong to any groups which may access this SSID." Now users which are in the employees group are authenticated, but so are users which are not in the employees group. I see the reject entry being matched, and the Reply-Message is set, but the client receives an Access-Accept. Debug: rlm_ldap::ldap_groupcmp: Group employees not found or user is not a member. Info: [files] users: Matched entry DEFAULT at line 209 Info: ++[files] returns ok ... Auth: Login OK: [mgorven] (from client test port 0 cli 02-00-00-00-00-01 via TLS tunnel) Info: WARNING: Empty section. Using default return values. ... Info: [peap] Got tunneled reply code 2 Auth-Type := Reject Reply-Message = "User does not belong to any groups which may access this SSID." ... Info: [peap] Got tunneled reply RADIUS code 2 Auth-Type := Reject Reply-Message = "User does not belong to any groups which may access this SSID." ... Info: [peap] Tunneled authentication was successful. Info: [peap] SUCCESS Info: [peap] Saving tunneled attributes for later ... Sending Access-Accept of id 11 to 172.16.2.44 port 60746 Reply-Message = "User does not belong to any groups which may access this SSID." User-Name = "mgorven" and eapol_test reports: RADIUS message: code=2 (Access-Accept) identifier=11 length=233 Attribute 18 (Reply-Message) length=64 Value: 'User does not belong to any groups which may access this SSID.' Attribute 1 (User-Name) length=9 Value: 'mgorven' ... SUCCESS Why isn't the request being rejected, and is this the right way to implement this?

  Read the article

• Using LDAP as auth method for git repositories

  - by Lenni

  I want to convince my boss that we should be using git for version control. He says, that it absolutely must authenticate users through our central LDAP server. I looked at the various solutions (gitweb, gitorious ... ) and couln't really find a definitive answer about whether they support LDAP authentication. The only solution I could find a little info on was a Apache+mod_ldap setting. But that would mean that the user authenticating on LDAP wouldn't necessarily be the same as the actual git user, right? (Not that this is a huge problem, but just something which would bug me.) So, what's the best way to authenticate git users via LDAP?

  Read the article

• OpenVPN IPV6 Tunnel Radvd

  - by Arenstar

  Hello.. I have an interesting question regarding ipv6 + openvpn.. My Version is OpenVPN 2.1.1 i have been given a native /64 ipv6 network ( for this example 2001:acb:132:acb::/64 ) The plan was/is, route this block through openvpn and into an office ( for testing purposes ) Soo to explain.. I have a Centos Box as the first linux "router" in a datacenter & a Ubuntu box as the second linux "router" in the office I have created a simple point-to-point tunnel using tun ( based off ipv4 address to start the tunnel ) I have assigned to Centos /sbin/ip addr add fed1::1/128 dev eth0 /sbin/ip addr add fed2::2/128 dev tun0 /sbin/ip route add 2001:acb:132:acb::/64 dev tun0 ## ipv6 Block down the tunnel /sbin/ip route add ::/0 dev eth0 ## Default out to Gateway I have assigned to Ubuntu /sbin/ip addr add fed1::3/128 dev tun0 /sbin/ip addr add fed1::4/128 dev eth0 /sbin/ip route add 2001:acb:132:acb::/64 dev eth0 ## ipv6 Block down to eth0 /sbin/ip route add ::/0 dev tun0 ## Default up the tunnel I have also included on both servers.. sysctl -w net.inet6.ip6.forwarding=1 Looks Good... right??? Wrong.. :( I am not able to ping fed1::1 from fed1::4 (Ubuntu) (can ping :4,:3,:2) However, i can ping fed1::1 fed1::2 from :3 ?????? ( very strange ) I am able to access the internet from any ipv6 interface on the Centos Box but clearly not from the Ubuntu box.. Further, i will eventually run radvd on the Ubuntu box eth0, and autoconf the network with ipv6 address's Anyone with some advice / tips to help me out.. ??? Cheers

  Read the article

• Connecting FreeNAS 8 to Mac OS X Lion LDAP Server

  - by Absolution

  I currently have Mac OS X Lion Server running from a MacMini and want to use it purely as an LDAP server for authentication for FreeNAS 8. I have FreeNAS setup and running on a VM, all features working correctly and as expected however I cannot connect to my LDAP server (MacMini). Error message; **Nss_ldap: could not search LDAP server – server is unavailable** For LDAP service settings in FreeNAS, I know my Hostname and Base DN are correct (exact copies of what I set originally and ones that are shown in server:open directory overview) however I am unsure what to enter for Root bind DN, password and Suffix’s. I have researched into where I can find these out and other than following the FreeNAS examples it appears there is a way to find out within the Server Workgroup Manager specific to my settings – however this function is unavailable to me and cannot be ‘ticked’ to view for some strange reason. Some forums explain how Root bind DN should be uid=admin, dc=… and others cn=admin, dc=… – I’m rather confused and would appreciate your help or advice with this.

  Read the article

• Android openvpn + zeroconf browser sending mdns query packets over eth0 instead of tap0 interface on wifi

  - by Mrunal

  On an android device, I am connecting to a remote network using openvpn for performing service discovery. WORKING CASE: After the device is camped on 3g/4g and after connecting to remote network by openvpn, when the zeroconf browser is launched, I can see the mdns query packets being send through the tap0 interface resulting into rendering of services on the browser. From the tcpdump captured on the device, I can see that the mdns query packets are send to tap0 interface. tap0 ip: 192.168.11.200 Route table information: Destination Gateway Genmask Flags Metric Ref Use Iface 76.26.112.234 10.179.240.1 255.255.255.255 UGH 0 0 0 pdpbr1 10.179.240.1 * 255.255.255.255 UH 0 0 0 pdpbr1 32.1.72.136 * 255.255.255.255 UH 0 0 0 pdpbr0 10.179.240.0 * 255.255.255.0 U 0 0 0 pdpbr1 192.168.11.0 * 255.255.255.0 U 0 0 0 tap0 default 192.168.11.1 0.0.0.0 UG 0 0 0 tap0 NOT WORKING CASE: However, after switching on the wifi and connecting it to remote network, when the zeroconf browser is launched, instead of sending the mdns query packets to tap0 interface; these packets are being send to eth0 interface due to which we cannot see the services. From the tcpdump captured on the device, I can see that mdns query packets are send to eth0 interface. tap0 ip: 192.168.11.200 eth0 ip: 192.168.43.230 route table information: Destination Gateway Genmask Flags Metric Ref Use Iface 76.26.112.234 192.168.43.1 255.255.255.255 UGH 0 0 0 eth0 32.1.72.136 * 255.255.255.255 UH 0 0 0 pdpbr0 192.168.11.0 * 255.255.255.0 U 0 0 0 tap0 192.168.43.0 * 255.255.255.0 U 0 0 0 eth0 default 192.168.11.1 0.0.0.0 UG 0 0 0 tap0 In the above case, even though there is a default route for tap0, all the multicast packets are being routed through eth0. How is this possible? Has anyone observed a similar problem and it would be really helpful if you can help us to discover services through zeroconf browser after the device is connected to remote network via openvpn through wifi. Thank You Very much, Mrunal

  Read the article

• Same password for apache and samba with ldap?

  - by barbarossa12d

  Hi, I am experimenting with LDAP. As I see it, apache uses the Unix password field to get the credentials and samba the field that is specific for samba. I just use the LDAP server for a single server, LDAP runs in the same server. What I wanted is to use the same password for apache and samba (and mediawiki etc). Is it possible? If not, are there any alternatives? Thanks!

  Read the article

• Subversion LDAP Configuration

  - by dbyrne

  I am configuring a subversion repository to use basic LDAP authentication. I have an entry in my http.conf file that looks like this: <Location /company/some/location> DAV svn SVNPath /repository/some/location AuthType Basic AuthName LDAP AuthBasicProvider ldap Require valid-user AuthLDAPBindDN "cn=SubversionAdmin,ou=admins,o=company.com" AuthLDAPBindPassword "XXXXXXX" AuthLDAPURL "ldap://company.com/ou=people,o=company.com?personid" </Location> This works fine for living, breathing people who need to log in. However, I also need to provide application accounts access to the repository. These accounts are in a different OU. Do I need to add a whole new <location> element, or can I add a second AuthLDAPURLto the existing entry?

  Read the article

• concrete uses of LDAP?

  - by ajsie

  im new to LDAP. i wonder what are some concrete examples of using LDAP. things that are MUCH more easier to do when you got 3-7 linux computers in a small company network. one use that is very important for me seems to be that you configure LDAP to handle system authentication. then you dont have to create same accounts in all computers. are there other things that are a MUST DO for a small network to save more time? my small network is for apache servers and database servers. and should LDAP be in an own machine? cause i guess its not good to put it in apache or database servers since these are performance dependent.

  Read the article

• Davical + LDAP + NTLM

  - by slavizh

  I have set up a Davical server on CentOS. I've configured it to use LDAP and the users use their usernames and passwords to authenticate to the Davical server. I am using Lightning as client software for calendaring. Using Lightning requires entering username and password everytime, so I decided to set NTLM. I want my users who are logging in the domain to use the calendar server trough Lightning without entering username and password. I've set up NTLM on the Davical server. But when a user trys to reach the calendar trough Lightning first the server asks for NTLM username and password and then ask for the LDAP username and password. It becomes something like double authentication. The problem is that NLTM requires domain\username and passowrd and Davical trough LDAP requires only username and password. So my questions are: Is there a way to change something in Davical so that Davical trough LDAP to requires domain\username and passwords authentication? That way may be trough NTLM the second authentication will proceed silently and the users will user Lightning without entering usernames and passwords Is there a way I can make this double authentication to become one and to use only NTLM? P.S. We have Samba domain with LDAP server and our users use Thunderbird for their mail and I want to put Lightning too. That way they will have calendar service. But I don't want they to enter username and password for the calendar every time they log in. I know they can save that password but that is not an option for my organization.

  Read the article

• Disabling LDAP Signing on Windows PDC in Local Policy

  - by Golmaal

  I just tripped over my own feet it seems. Playing around on a Windows 2008 R2 server (set up as domain controller), I was intrigued by certain warning event (event id 2886) which says: "To enhance the security of directory servers, you can configure both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) to require signed Lightweight Directory Access Protocol (LDAP) binds." So I thoughtlessly did some Googling and set the relevant policies which enforce LDAP signing. Now I don't remember but I may have done that using Local Policy. Now I have setup a pfsense box which must authenticate AD users via LDAP. While the firewall can communicate over secure channel, it is difficult to manage the same for other packages such as Squid and SquidGuard. So now I have to disable i.e. undo those policy changes. The problem is that they are greyed out! The policies in question are LDAP server signing and LDAP client signing. I don't remember what I did but when I access these policies from Local Policy editor on the server, they are set to "Require Signing" and are greyed out. The same policies can still be set via Default Domain Controller option in Group Policy editor. So how can I reset these greyed out policies? Thanks

  Read the article

• Allow users to ssh to specific user through ldap and stored public keys

  - by iElectric

  I recently setup gitolite, where users access git repository with "gitolite" user through ssh. Now I would like to integrate that into LDAP. Each user has pubkey in LDAP and if he has "git" objectClass, he would be able to access "gitolite" user through ssh. I know it's possible to store public keys in LDAP, I'm not sure if it possible to allow authentication in "gitosis" account based on objectClass. EDIT: To clarify, with objectClass git, user "foobar" would be able to login as "gitolite" through ssh

  Read the article

• OpenVPN + iptables / NAT routing

  - by Mikeage

  Hi, I'm trying to set up an OpenVPN VPN, which will carry some (but not all) traffic from the clients to the internet via the OpenVPN server. My OpenVPN server has a public IP on eth0, and is using tap0 to create a local network, 192.168.2.x. I have a client which connects from local IP 192.168.1.101 and gets VPN IP 192.168.2.3. On the server, I ran: iptables -A INPUT -i tap+ -j ACCEPT iptables -A FORWARD -i tap+ -j ACCEPT iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE On the client, the default remains to route via 192.168.1.1. In order to point it to 192.168.2.1 for HTTP, I ran ip rule add fwmark 0x50 table 200 ip route add table 200 default via 192.168.2.1 iptables -t mangle -A OUTPUT -j MARK -p tcp --dport 80 --set-mark 80 Now, if I try accessing a website on the client (say, wget google.com), it just hangs there. On the server, I can see $ sudo tcpdump -n -i tap0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes 05:39:07.928358 IP 192.168.1.101.34941 > 74.125.67.100.80: S 4254520618:4254520618(0) win 5840 <mss 1334,sackOK,timestamp 558838 0,nop,wscale 5> 05:39:10.751921 IP 192.168.1.101.34941 > 74.125.67.100.80: S 4254520618:4254520618(0) win 5840 <mss 1334,sackOK,timestamp 559588 0,nop,wscale 5> Where 74.125.67.100 is the IP it gets for google.com . Why isn't the MASQUERADE working? More precisely, I see that the source showing up as 192.168.1.101 -- shouldn't there be something to indicate that it came from the VPN? Edit: Some routes [from the client] $ ip route show table main 192.168.2.0/24 dev tap0 proto kernel scope link src 192.168.2.4 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.101 metric 2 169.254.0.0/16 dev wlan0 scope link metric 1000 default via 192.168.1.1 dev wlan0 proto static $ ip route show table 200 default via 192.168.2.1 dev tap0

  Read the article

• OpenVPN bridge network from routed clients

  - by gphilip

  I have the following setup: subnet 1 - 10.0.1.0/24 with a machine used as NAT and also running an OpenVPN client subnet 2 - 192.168.1/24 with an OpenVPN server (the server in subnet 1 connect here) subnet 3 - 10.0.2.0/24 that uses the NAT machine (subnet 1) to access the internet, so all non-local traffic is routed there to the eth0 interface The OpenVPN client creates the tun0 interface and appropriate routing so that I can access machines from 192.168.1/24 [root@ip-10-0-1-208 ~]# telnet 192.168.1.186 8081 Trying 192.168.1.186... Connected to 192.168.1.186. Escape character is '^]'. [root@ip-10-0-1-208 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.1.1 0.0.0.0 UG 0 0 0 eth0 10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0 10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 192.168.0.0 10.8.0.5 255.255.0.0 UG 0 0 0 tun0 However, when I try the same from subnet 3, it can't reach that machine. [root@ip-10-0-2-61 ~]# telnet 192.168.1.186 8081 Trying 192.168.1.186... I suspect that it's because subnet 3 is routed to eth0 on the NAT machine in subnet 1 and it cannot jump to tun0. What's the easiest way to resolve it? I don't want to use iptables. I can't change the routing from machines in subnet 1 because it's done in AWS and so it works only with specific interfaces. Also, the NAT machine gets its IP with DHCP and so bridging is a bit complicated. IP forwarding is set on the NAT machine [root@ip-10-0-1-208 ~]# cat /proc/sys/net/ipv4/ip_forward 1 Thank you!

  Read the article

• How to install a proxy LDAP

  - by Jean-Claude

  I have to install an LDAP proxy on a compute cluster frontend. The idea is to avoid the compute nodes to make too many requests on the campus LDAP server. How can I install this to make it work with the school's LDAP? The frontend OS is a RHEL 6.2. I found that I have to install the LDAP server and configure it as a proxy. But all I can find is examples of /etc/openldap/slapd.conf file configuration but after testing different configuration, no results. Furthermore, according to RHEL 6 - Deployment Guide, this config file is obsolete: OpenLDAP no longer reads its configuration from the /etc/openldap/slapd.conf file. Instead, it uses a configuration database located in the /etc/openldap/slapd.d/ directory. Any help is welcomed. Thank you

  Read the article

• Cross domain LDAP

  - by Adam

  For a system we are developing we have 2 domains an internal and an external domain with bi directional trust between them. However the servers are only able to connect to their own DC's. We have an application server on the internal domain which needs to use an LDAP query to gather a list of users from a group on the external domain. How do i go about writing an LDAP query that asks one DC to go ask another DC for a list of users. I tried querying the internal DC with the same LDAP query I would use if it could hit the external DC directly but this does not work. When i use Softerra LDAP Administraor I can view the full hierarchy of the interal domain but despite the trust relationship between domains i am unable to see any of the external doamin. Any suggestions or help would be greatly appreciated

  Read the article

• nagios ldap-group based front end login permission issues

  - by Eleven-Two

  I want to grant users access to the nagios 3 core frontend by using an active directory group ("NagiosWebfrontend" in the code below). The login works fine like this: AuthType Basic AuthName "Nagios Access" AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPURL "ldap://ip-address:389/OU=user-ou,DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN CN=LDAP-USER,OU=some-ou,DC=domain,DC=tld AuthLDAPBindPassword the_pass Require ldap-group CN=NagiosWebfrontend,OU=some-ou,DC=domain,DC=tld Unfortunately, every nagios page just shows "It appears as though you do not have permission to view information for any of the services you requested...". I got the hint, that I am missing a contact in nagios configuration which is equal to my login, but creating one with the same name as the domain user had no effect on this issue. However, it would be great to find a solution without manually editing nagios.conf for every new user, so the admins could grant access to nagios by just putting the user to "NagiosWebfrontend" group. What would be the best way to solve it?

  Read the article

• openvpn in a bridge?

  - by sebelk

  I have a somewhat tricky proble to solve. We have a wireless link between 2 building. One of them has an mikrotik and below there are some vlans. Some machines of one vlan need to use openvpn to connect to a remote private lan. I put a TP-Link WR1043ND (which those machines connect to) with openwrt with ebtables just in case I need it. I've configured openwrt in such a way that all ports belongs to the same vlan. My idea was to make things as transparent as I can. It has a bridge as follows: usr/sbin/brctl-full show br-lan bridge name bridge id STP enabled interfaces br-lan 8000.f8d111565716 no eth0.1 eth0.2 Also I've added an ebtables rule: ebtables -t broute -A BROUTING -p ipv4 -j DROP So "bridge" has only one IP address. I've installed openvpn and I'm trying to bring up the tunnel but I can't still get working. Sure, someone can says why don't you use the vpn on the mikrotik, there are some reasons, the first one is I have little experience with mikrotik and I'd want to have the vpn at hand :) The problem is that openvpn is not working, because it is complaining that I have only one Ip Address on the server side. So I set up and alias interface with another IP address but is not working either: : Rejected connection attempt from IP-Client-Side:37801 due to --remote setting Is there a way to make it work?

  Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >