Search Results

Search found 92246 results on 3690 pages for 'user authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 146/3690 | < Previous Page | 142 143 144 145 146 147 148 149 150 151 152 153  | Next Page >

  • What causes session/forms authentication timeouts in MVC3

    - by SimpleUser
    Can somebody please let me know what are the reasons for your authentication to die suddenly, even when you are working on an application without any idle time? Both with and without AJAX calls. And what are the different reasons for getting a 302 redirect from an MVC3 application to the Logon page. Been struggling with an issue with timeouts that happen at random. Sometimes within a few minutes of login to the application and sometimes you can go for hours (with/without idle time) without being thrown out. Thank You

    Read the article

  • mercurial hgwebdir error with basicauth in apache2

    - by Dio
    Hello, I'm having kind of a strange error that I'm trying to track down. I was trying to setup mercurial on my home server this weekend. I seem to have it running up to the point where I'm trying to get repositories published correctly. I'm running Ubuntu 10.04 LTS Mercurial Distributed SCM (version 1.4.3) I followed the hgwebdir guide: http://mercurial.selenic.com/wiki/HgWebDirStepByStep and everything seems to work great, I can pull and push my local repositories. Then I tried to add basic auth changing ScriptAliasMatch ^/hg(.*) /var/hg/hgwebdir.cgi$1 <Directory "/var/hg"> Options ExecCGI FollowSymLinks AllowOverride None </Directory> to ScriptAliasMatch ^/hg(.*) /var/hg/hgwebdir.cgi$1 <Directory "/var/hg"> Options ExecCGI FollowSymLinks AllowOverride None AuthType Basic AuthName hgwebdir AuthUserFile /usr/local/etc/httpd/users Require valid-user </Directory> This works exactly as I'd expect it to when I navigate to the directory via my web browser, but when I hg push get a long section repeating of File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain result = func(*args) File "/usr/lib/python2.6/urllib2.py", line 855, in http_error_401 url, req, headers) File "/usr/lib/python2.6/urllib2.py", line 833, in http_error_auth_reqed return self.retry_http_basic_auth(host, req, realm) File "/usr/lib/python2.6/urllib2.py", line 843, in retry_http_basic_auth return self.parent.open(req, timeout=req.timeout) followed by File "/usr/lib/pymodules/python2.6/mercurial/keepalive.py", line 249, in do_open self._start_transaction(h, req) File "/usr/lib/pymodules/python2.6/mercurial/url.py", line 419, in _start_transaction return keepalive.HTTPHandler._start_transaction(self, h, req) File "/usr/lib/pymodules/python2.6/mercurial/keepalive.py", line 342, in _start_transaction h.endheaders() File "/usr/lib/python2.6/httplib.py", line 904, in endheaders self._send_output() File "/usr/lib/python2.6/httplib.py", line 776, in _send_output self.send(msg) File "/usr/lib/pymodules/python2.6/mercurial/url.py", line 247, in _sendfile connection.send(self, data) File "/usr/lib/pymodules/python2.6/mercurial/keepalive.py", line 519, in safesend self.connect() File "/usr/lib/pymodules/python2.6/mercurial/url.py", line 273, in connect keepalive.HTTPConnection.connect(self) RuntimeError: maximum recursion depth exceeded while calling a Python object I'm a bit at a loss on this one. I'm really not sure why adding the authorization seems to work fine via my web browser but throw these errors from hg. Any help would be greatly appreciated.

    Read the article

  • Symbolic directory link shared in domain

    - by Sabre
    We have a file server that is 2008R2 STD, it is a member server in a 2008 AD. I need to relocate some of the files and directories and would like to do it behind the scenes more or less without impacting the users. (Reason for this is that some of the files, due to recent software changes, HAVE to be located locally on one of the workstations, but they can be accessed by other applications remotely.) So symbolic links seem the panacea here, I moved a directory to another network share in the same domain (Windows 7 professional), created a symlink to it in the location it used to be in, named it the same thing, and to the local user it seems almost transparent. I.E. When logged into the desktop of the file server, I can go to the directory, open the link, it leaps to the other share as if it were local, exactly what would be expected. Then I tried it from another client computer (Windows 7 professional as well), went through the normal provisioning of R2R and L2R with fsutil... No joy. What I am getting is an access denied "Logon failure: Unknown username or bad password." using the same account that I log on locally to the file server with (Which happens to be the domain admin) So I cannot believe it is telling the truth, or... I assume it is not passing the credentials I am connecting to the first share all the way through the symlink. The end result is I want users on the domain to browser to share A, inside share A is a mixture of directories/files that reside there, and symlinks to directories/files on the second machine over the network in the same domain. Possible? Or am I misunderstanding how the symlink should work?

    Read the article

  • Openldap with ppolicy

    - by nitins
    We have working installation of OpenLDAP version 2.4 which is using shadowAccount attributes. I want to enable ppolicy overlays. I have gone through the steps provided at OpenLDAP and ppolicy howto. I have made the changes to slapd.conf and imported the password policy. On restart OpenLDAP is working fine and I can see the password policy when I do a ldapsearch. The user object looks like given below. # extended LDIF # # LDAPv3 # base <dc=xxxxx,dc=in> with scope subtree # filter: uid=testuser # requesting: ALL # # testuser, People, xxxxxx.in dn: uid=testuser,ou=People,dc=xxxxx,dc=in uid: testuser cn: testuser objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowMax: 90 shadowWarning: 7 loginShell: /bin/bash uidNumber: 569 gidNumber: 1005 homeDirectory: /data/testuser userPassword:: xxxxxxxxxxxxx shadowLastChange: 15079 The password policy is given below. # default, policies, xxxxxx.in dn: cn=default,ou=policies,dc=xxxxxx,dc=in objectClass: top objectClass: device objectClass: pwdPolicy cn: default pwdAttribute: userPassword pwdMaxAge: 7776002 pwdExpireWarning: 432000 pwdInHistory: 0 pwdCheckQuality: 1 pwdMinLength: 8 pwdMaxFailure: 5 pwdLockout: TRUE pwdLockoutDuration: 900 pwdGraceAuthNLimit: 0 pwdFailureCountInterval: 0 pwdMustChange: TRUE pwdAllowUserChange: TRUE pwdSafeModify: FALSE I do not what should be done after this. How can the shadowAccount attributes be replaced with the password policy.

    Read the article

  • Login error in phpMyAdmin, problem setting auth_type in config.inc.php

    - by sergiom
    I'm having a problem accessing phpMyAdmin. A few weeks ago I did succeed configuring it for auth_type = 'cookie', but I still receive an error stating that I should have to set blowfish_secret. That was strange because it was set. So I changed auth_type from cookie to http, but it didn't work. I changed it back to cookie, but it doesn't work anymore. this is the error. phpMyAdmin - Error Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly. this is my C:\wamp\apps\phpmyadmin3.2.0.1\config.inc.php <?php /* Servers configuration */ $i = 0; /* Server: localhost [1] */ $i++; $cfg['Servers'][$i]['verbose'] = 'localhost'; $cfg['Servers'][$i]['host'] = 'localhost'; $cfg['Servers'][$i]['port'] = ''; $cfg['Servers'][$i]['socket'] = ''; $cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['extension'] = 'mysqli'; $cfg['Servers'][$i]['auth_type'] = 'cookie'; $cfg['Servers'][$i]['user'] = ''; $cfg['Servers'][$i]['password'] = ''; $cfg['Servers'][$i]['AllowNoPassword'] = false; $cfg['Servers'][$i]['blowfish_secret'] = 'this is my passphrase'; /* End of servers configuration */ $cfg['DefaultLang'] = 'en-utf-8'; $cfg['ServerDefault'] = 1; $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; ?> I changed the blowfish_secret, since I don't remember the old one, and I deleted the cookies in my browser and restartd all wamp services and the browser. After I enter username and password in the login page I get the error. I've tried searching into the log files, but I'm a newbie and I'm not sure I've searched the right ones. I'm using Wamp server 2.0 that has Apache Version : 2.2.11 PHP Version : 5.3.0 MySQL Version : 5.1.36 phpmyadmin : 3.2.0.1

    Read the article

  • why is Mac OSX Lion losing login/network credentials?

    - by Larry Kyrala
    (moved from stackoverflow...) Symptoms So at work we have OSX 10.7.3 installed and every once in a while I will see the following behaviors: 1) if the screen is locked, then multiple tries of the same user/pass are not accepted. 2) if the screen is unlocked, then opening a new bash term may yield prompts such as: `I have no name$` or lkyrala$ ssh lkyrala@ah-lkyrala2u You don't exist, go away! Even when our macs are working normally, everyone here has to login twice. The first time after boot always fails, but the second time (with the same password, not changing anything, just pressing enter again) succeeds. Weird? Workarounds There are some workarounds that resolve the immediate problem, but don't prevent it from happening again: a) wait (maybe an hour or two) and the problems sometimes go away by themselves. b) kill 'opendirectoryd' and let it restart. (from https://discussions.apple.com/thread/3663559) c) hold the power button to reset the computer Discussion Now, the evidence above points me to something screwy with opendirectory and login credentials. Some other people report having these login problems, but it's hard to determine where the actual problem is (Mac, or network environment?). I should add that most of the network are Windows machines, but we have quite a few Macs and Linux machines as well, but I'm not sure of the details of how the network auth is mapped from various domains to others... all I know is that our network credentials work in Windows domains as well as mac and linux logins -- so something is connecting separate systems, or using the same global auth system.

    Read the article

  • .htaccess issue on Apache Web Server in Ubuntu VM

    - by Neon Flash
    I just installed Apache Web Server on Ubuntu 11.04 in VMWare Workstation. I created a basic HTML page, named it index.html and placed it in /var/www directory (document root). I am able to access this web page from my Host OS (Windows 7), by pointing the browser to: http://192.168.2.2/index.html where, 192.168.2.2 is the IP Address of the Ubuntu VM. Next, to test various configurations of .htaccess files, I created a new directory in /var/www called, members. Inside this directory, I created and placed a .htaccess file with the following configuration: AuthUserFile /www/Neon/auth/.htpasswd AuthName "neon's home" AuthType Basic require valid-user IndexIgnore */* I created a directory path like /var/www/Neon/auth/ and then placed a .htpasswd file inside it. To place the username and hash inside the .htpasswd file: I created a username "neon" and calculated the DES hash of a password and placed it inside .htpasswd file in format: username:hash Now, when I try to access the web page: http://192.168.2.2/members/ It does not prompt me to enter the username and password with a popup box. Instead it just displays the index.html which is placed inside members directory. I would like to get this configuration working :)

    Read the article

  • What is my BaseDN supposed to be with the following configuration of OpenLDAP?

    - by fuzzy lollipop
    I have the following in my OpenLDAP configuration. Using the latest version OpenLDAP on Centos 5.3. Installed using yum. From my /etc/openldap/slapd.conf database bdb suffix "dc=company,dc=com" rootdn "cn=Manager,dc=company,dc=com" From my /etc/openldap/ldap.conf BASE dc=company,dc=com I have successfully added an entry with ldapadd and retrieved it with ldapsearch from a local bash shell on the box. Now I am trying to get a Graphical Editor to connect to this server remotely so I can enter people from my laptop. But I am having no luck. I tried JXplorer, and it connects with Anonymous bind without me having to specify a BaseDN but I can't edit anything that way. If I try and give it a user name and password, using Manager and my rootpw I have in clear text just for testing, every GUI Client on my remote laptop complains about my BaseDN not being the correct format when I enter dc=company,dc=com and I tried cn=Manager,dc=company,dc=com. Error opening connection: [LDAP: error code 34 - invalid DN] I have tried multiple clients and all of them connect as anonymous, none let me connect authenticated where I can actually create or edit anything. I am using Manager as my username and the password from rootpw, is that correct?

    Read the article

  • Authenticating Windows 7 against MIT Kerberos 5

    - by tommed
    Hi There, I've been wracking my brains trying to get Windows 7 authenticating against a MIT Kerberos 5 Realm (which is running on an Arch Linux server). I've done the following on the server (aka dc1): Installed and configured a NTP time server Installed and configured DHCP and DNS (setup for the domain tnet.loc) Installed Kerberos from source Setup the database Configured the keytab Setup the ACL file with: *@TNET.LOC * Added a policy for my user and my machine: addpol users addpol admin addpol hosts ank -policy users [email protected] ank -policy admin tom/[email protected] ank -policy hosts host/wdesk3.tnet.loc -pw MYPASSWORDHERE I then did the following to the windows 7 client (aka wdesk3): Made sure the ip address was supplied by my DHCP server and dc1.tnet.loc pings ok Set the internet time server to my linux server (aka dc1.tnet.loc) Used ksetup to configure the realm: ksetup /SetRealm TNET.LOC ksetup /AddKdc dc1.tnet.loc ksetip /SetComputerPassword MYPASSWORDHERE ksetip /MapUser * * After some googl-ing I found that DES encryption was disabled by Windows 7 by default and I turned the policy on to support DES encryption over Kerberos Then I rebooted the windows client However after doing all that I still cannot login from my Windows client. :( Looking at the logs on the server; the request looks fine and everything works great, I think the issue is that the response from the KDC is not recognized by the Windows Client and a generic login error appears: "Login Failure: User name or password is invalid". The log file for the server looks like this (I tail'ed this so I know it's happening when the Windows machine attempts the login): If I supply an invalid realm in the login window I get a completely different error message, so I don't think it's a connection problem from the client to the server? But I can't find any error logs on the Windows machine? (anyone know where these are?) If I try: runas /netonly /user:[email protected] cmd.exe everything works (although I don't get anything appear in the server logs, so I'm wondering if it's not touching the server for this??), but if I run: runas /user:[email protected] cmd.exe I get the same authentication error. Any Kerberos Gurus out there who can give me some ideas as to what to try next? pretty please?

    Read the article

  • Forms Auth: have different credentials for a subdirectory?

    - by Fyodor Soikin
    My website has forms authentication, and all is well. Now I want to create a subdirectory and have it also password-protected, but! I need the subdirectory to use a completely different set of logins/passwords than the whole website uses. Say, for example, I have users for the website stored in the "Users" table in a database. But for the subdirectory, I want the users to be taken from the "SubdirUsers" table. Which probably has a completely different structure. Consequently, I need the logins to be completely parallel, as in: Logging into the whole website does not make you logged into the subdirectory as well Clicking "logout" on the whole website does not nullify your login in the subdirectory And vice versa I do not want to create a separate virtual application for the subdirectory, because I want to share all libraries, user controls, as well as application state and cache. In other words, it has to be the same application. I also do not want to just add a flag to the "Users" table indicating whether this is a whole website user or the subdirectory user. User lists have to come from different sources. For now, the only option that I see is to roll my own Forms Auth for the subdirectory. Anybody can propose a better alternative?

    Read the article

  • When to Store Temporary Values in Hidden Field vs. Session vs. Database?

    - by viatropos
    I am trying to build a simple OpenID login panel similar to how Stack Overflow's works. The goal is: User clicks OpenID/Oauth provider OpenID/Oauth stuff happens, we end up with the result (already made that) Then we want to confirm that the user wants to actually create a new account (vs. associating account with another OpenID account). In StackOverflow, they keep a hidden field on a form that looks like this: <form action="/users/openidconfirm" method="post"> <p>This is an OpenID we haven't seen on Stack Overflow before:</p> <p class="openid-identifier">https://me.yahoo.com/a/some-hash</p> <p>Do you want to associate this OpenID with your Stack Overflow account?</p> <div> <input type="hidden" name="fkey" value="9792ab2zza1q2a4ac414casdfa137eafba7"> <input type="hidden" name="s" value="c1a3q133-11fa-49r0-a7bz-da19849383218"> <input type="submit" value="Associate OpenID"> <input type="button" value="Cancel" onclick="window.location.href = 'http://stackoverflow.com/users/169992/viatropos?s=c1a3q133-11fa-49r0-a7bz-da19849383218'"> </div> </form> Initial question is, what are those hashes fkey and s? Not that I really care what these specific hashes are, but what it seems like is happening is they have processed the openid response and saved it to the DB in a temporary object or something, and from there they generate these keys, because they don't look like Oauth keys to me. Main situation is: after I have processed OpenID/Oauth responses, I don't yet want to create a new user/account until the user submits the "confirm" form. Should I store the keys and tokens temporarily in a "Confirm" form like this? Or is there a better way? It seems that using a temp database object would be a lot of work to manage properly. Thanks for the help. Lance

    Read the article

  • Which parts of the client certificate to use when uniquely identifying users?

    - by miha
    I'm designing a system where users will be able to register and afterward authenticate with client certificates in addition to username/password authentication. The client certificates will have to be valid certificates issued by a configured list of certificate authorities and will be checked (validated) when presented. In the registration phase, I need to store part(s) of the client certificate in a user repository (DB, LDAP, whatever) so that I can map the user who authenticates with client certificate to an internal "user". One fairly obvious choice would be to use certificate fingerprint; But fingerprint itself is not enough, since collisions may occur (even though they're not probable), so we need to store additional information from the certificate. This SO question is also informative in this regard. RFC 2459 defines (4.1.2.2) that certificate serial number must be unique within a given CA. With all of this combined, I'm thinking of storing certificate serial number and certificate issuer for each registered user. Given that client certificates will be verified and valid, this should uniquely identify each client certificate. That way, even when client certificate is renewed, it would still be valid (serial number stays the same, and so does the issuer). Did I miss something?

    Read the article

  • How can I log any login operation in case of "Remember Me" option ?

    - by Space Cracker
    I have an asp.net login web form that have ( username textBox - password textBox ) plus Remember Me CheckBox option When user login i do the below code if (provider.ValidateUser(username, password)) { int timeOut = 0x13; DateTime expireDate = DateTime.Now.AddMinutes(19.0); if (rememberMeCheckBox.Checked) { timeOut = 0x80520; expireDate = DateTime.Now.AddYears(1); } FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(username, true, timeOut); string cookieValue = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieValue); cookie.Expires = expireDate; HttpContext.Current.Response.Cookies.Add(cookie); AddForLogin(username); Response.Redirect("..."); } as in code after user is authenticated i log that he login in db by calling method AddForLogin(username); But if user choose remember me in login and then he try to go to site any time this login method isn't executed as it use cookies ... so i have many questions: 1- Is this the best way to log login operation or is there any other better ? 2- In my case how to log login operation in case of remember me chosen by user ?

    Read the article

  • Problem logging in and changing permissions in Facebook

    - by kujawk
    Hi everybody, I've got a piece of code that logs into Facebook, gets a session, sets status_update and offline_access permission if they are not set, and gets a new session with the newly set permissions. This code used to work fine but now I'm getting error 100 "One of the parameters specified was missing or invalid" as a response to the second call to get session and I can't figure out why. Here's the sequence in detail: CREATE TOKEN restserver.php?method=auth.createToken&api_key=[our key]&v=1.0&format=JSON&sig=[sig created with our secret] response: new token LOGIN m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[token created above] login screen loads and user successfully logs in with their username/password. GET SESSION restserver.php?method=auth.getSession&api_key=[our key]&v=1.0&format=JSON&auth_token=token created above&sig=[sig created with our secret] response: session key with expiration date and a secret CHECK/AUTHORIZE PERMISSIONS restserver.php?method=users.hasAppPermission&api_key=[our key]&v=1.0&format=JSON&ext_perm=status_update&call_id=[proper id]&session_key=[key returned above]&sig=[sig created with secret returned for get session] response: 0 m.facebook.com/authorize.php?api_key=[our key]&v=1.0&ext_perm=status_update authorization screen loads and user authorizes Same steps for status_update CREATE NEW TOKEN Same steps as done to create the first token LOGIN m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[new token] user is already logged in, redirected to their homepage GET NEW SESSION restserver.php?method=auth.getSession&api_key=[our key]&format=JSON&auth_token=[new token]&sig=[sig created with our secret] response: error 100 - missing or invalid parameter. Of course it doesn't tell me which one. Anybody have any ideas what I'm doing wrong here? I tried skipping the second login and going right to creating the new session and that didn't work. The only thing that seems to work is logging out the user after they've authorized the permissions and having them log back in again. I'd like to avoid this if possible. Can you have two outstanding sessions at one time? This code used to work but I'm thinking maybe something changed on Facebook's end that I'm not aware of. Thanks, kris

    Read the article

  • Windows 7 Sysprep Default User

    - by Demonwolf
    I seem to be having a problem with implementing my sysprep. I have been playing with Windows 7, WAIK, Server 2008 R2 and various other things. I managed to create a WIM with everything I need installed and I have worked out the autounattend.xml. I now have a Windows 7 64-bit complete unattended install from a USB device. It has all my programs, setting and everything done except one thing - the default profile set up 100% correctly. I have created a mostly set up default profile. I booted into audit mode, customized the Administrator account (mostly anyway) and then used sysprep with an unattend.xml file containing the copyprofile=true command. The file was set up with the WSIM and does not contain any extra info. This all works wonderfully. I recreated the WIM and all was good. I then decided to move the default location of the visible stuff in the user profile (Documents, Music, Pictures etc.) without changing the location of Appdata or other hidden folders. This is where things went a little... wrong. I went to the user folder (generally has the User name) with all the other folders in it. I right clicked on My Documents, found the location tab and changed it to M:\Documents. Now if I run sysprep /generalize /oobe /reboot /unattend:unattend.xml it starts the generalise... then spits out a fatal error and goes no further. The setuperr.log contains the following errors: 2011-08-18 23:21:43, Error [0x0f0043] SYSPRP WinMain:The sysprep dialog box returned FALSE 2011-08-18 23:31:57, Error [0x0f0082] SYSPRP LaunchDll:Failure occurred while executing 'C:\Windows\System32\slc.dll,SLReArmWindows', returned error code -1073425657 2011-08-18 23:31:57, Error [0x0f0070] SYSPRP RunExternalDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = -1073425657 2011-08-18 23:31:57, Error [0x0f00a8] SYSPRP WinMain:Hit failure while processing sysprep generalize internal providers; hr = 0xc004d307 Does anyone have any ideas how I can redirect My Documents and other items in a user file to a second drive in the default profile so it affects each person logging in?

    Read the article

  • run script as another user from a root script with no tty stdin

    - by viktor tron
    Using CentOs, I want to run a script as user 'training' as a system service. I use daemontools to monitor the process, which needs a launcher script that is run as root and has no tty standard in. Below I give my four different attempts which all fail. : #!/bin/bash exec >> /var/log/training_service.log 2>&1 setuidgid training training_command This last line is not good enough since for training_command, we need environment for trqaining user to be set. : su - training -c 'training_command' This looks like it (http://serverfault.com/questions/44400/run-a-shell-script-as-a-different-user) but gives 'standard in must be tty' as su making sure tty is present to potentially accept password. I know I could make this disappear by modifying /etc/sudoers (a la http://superuser.com/questions/119376/bash-su-script-giving-an-error-standard-in-must-be-a-tty) but i am reluctant and unsure of consequences. : runuser - training -c 'training_command' This one gives runuser: cannot set groups: Connection refused. I found no sense or resolution to this error. : ssh -p100 training@localhost 'source $HOME/.bashrc; training_command' This one is more of a joke to show desparation. Even this one fails with Host key verification failed. (the host key IS in known_hosts, etc). Note: all of 2,3,4 work as they should if I run the wrapper script from a root shell. problems only occur if the system service monitor (daemontools) launches it (no tty terminal I guess). I am stuck. Is this something so hard to achieve? I appreciate all insight and guidance to best practice. (this has also been posted on superuser: http://superuser.com/questions/434235/script-calling-script-as-other-user)

    Read the article

  • User can't SFTP after chroot

    - by Dauntless
    Ubuntu 10.04.4 LTS I'm trying to chroot the user 'sam'. According to all the tutorials out there this should work, but apparently I'm still doing something wrong. The user: sam:x:1005:1006::/home/sam:/bin/false I changed /etc/ssh/sshd_config like this (at the bottom of the file): #Subsystem sftp /usr/lib/openssh/sftp-server # CHROOT JAIL Subsystem sftp internal-sftp Match group users ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no I added sam to the users group: $groups sam sam : sam users I changed the permissions for sam's home folder: $ ls -la /home/sam drwxr-xr-x 11 root root 4096 Sep 23 16:12 . drwxr-xr-x 8 root root 4096 Sep 22 16:29 .. drwxr-xr-x 2 sam users 4096 Sep 23 16:10 awstats drwxr-xr-x 3 sam users 4096 Sep 23 16:10 etc ... drwxr-xr-x 2 sam users 4096 Sep 23 16:10 homes drwxr-x--- 3 sam users 4096 Sep 23 16:10 public_html I restarted ssh and now sam can't log in with SFTP. The session is created, but also closed immediately: Sep 24 12:55:15 ... sshd[9917]: Accepted password for sam from ... Sep 24 12:55:15 ... sshd[9917]: pam_unix(sshd:session): session opened for user sam by (uid=0) Sep 24 12:55:16 ... sshd[9928]: subsystem request for sftp Sep 24 12:55:17 ... sshd[9917]: pam_unix(sshd:session): session closed for user sam Cyberduck says Unexpected end of sftp stream. and other clients give similar errors. What did I forget / what is going wrong? Thanks!

    Read the article

  • Can I change the user id of a user on one Linux server to match another server in /etc/passwd?

    - by user76177
    I have a Rails application that is on a virtual machine (RHEL 6) and it's database is on dedicated hardware (also RHEL 6). The app server has an NFS directory from the db server mounted and accessible. It needs to write images to that server that are uploaded via the app. Background processes on the db server need to read and write to the same directory, as they perform resizing operations on the uploaded files. Right now none of this is working, because the user ids are different between the two systems. I only need this to work for this one application, so it is way too much overhead to put an LDAP system in place. Can I simply change the user id of this one user in one of the systems, or will that cause mass chaos? UPDATE: The fix worked, at least on local devices. Unfortunately the device I have mounted to the main db server still thinks my user id is 502 instead of 506. Do I need to remount that device, or is there an NFS daemon I can stop and restart to refresh it?

    Read the article

  • Accessing SSH_AUTH_SOCK from another non-root user

    - by Danny F
    The Scenario: I am running ssh-agent on my local PC, and all my servers/clients are setup to forward SSH agent auth. I can hop between all my machines using the ssh-agent on my local PC. That works. I need to be able to SSH to a machine as myself (user1), change to another user named user2 (sudo -i -u user2), and then ssh to another box using the ssh-agent I have running on my local PC. Lets say I want to do something like ssh user3@machine2 (assuming that user3 has my public SSH key in their authorized_keys file). I have sudo configured to keep the SSH_AUTH_SOCK environment variable. All users involved (user[1-3]), are non privileged users (not root). The Problem: When I change to another user, even though the SSH_AUTH_SOCK variable is set correctly, (lets say its set to: /tmp/ssh-HbKVFL7799/agent.13799) user2 does not have access to the socket that was created by user1 - Which of course makes sense, otherwise user2 could hijack user1's private key and hop around as that user. This scenario works just fine if instead of getting a shell via sudo for user2, I get a shell via sudo for root. Because naturally root has access to all the files on the machine. The question: Preferably using sudo, how can I change from user1 to user2, but still have access to user1's SSH_AUTH_SOCK?

    Read the article

  • Why can't this user connect to domain share?

    - by Saariko
    Part of my reorganizing credentials in the domain, I have created several users that will be used solely for services (backup, LDAP, etc) The idea is that systems that need specific usage will use a user/service user, that will give them what they need. However, I am having trouble setting the correct needed data. For this example, I have a NAS (Ready NAS 1100 by Netgear), that runs it's own backup jobs. The job reads from a domain share: \domain\qa and copies all data to another location. When using the domain\administrator everything works. When I input the domain\srv.backup user I get an error connecting to the folder. The srv.backup is part of the 'Domain Admins' group, which is a member of 'Administrators' I thought there might be propagation issues, but even when the srv.backup user was a direct member of 'Administrators' the error still occurred. I have 2 DC's (W2K8R2 replicas) - I thought that could also cause a problem, AFAIKT it's not the issue. Sharing permissions are open to everyone The Security on the folder is as follow This is the test window from the NAS dashboard I doubled check that the 'srv.domain' is part of the 'Domain Admins' group As well as tried with a simple 1-9 password. What else do I need to check? thanks.

    Read the article

  • 2000 Server, User can't logon

    - by Mike I
    I hope you can help me. I recently upgraded a workstation at my office (to a whole new machine) and ran into a pretty serious problem. Friday until 5:00 PM, I could access my mail on 2000 Exchange server. When I shut the old workstation down and put in the new workstation, I tried to set up an account. When I put the server name in appropriate field and typed my username and hit check names, my username does not come up. So to troubleshoot, (It also is a SMB server) I try to logon to my file share. (My local credentials are the same as server credientials of user account) When I try to logon to share, I just get the Username/Password screen (Never had gotten that before since credentials are the same) Again, in troubleshooting mode, I try to log on to my user from another workstation. Still can't authenticate via my user. Every other user can authenticate and load up their shares/mailboxes. I have restored Exchange from the backup as of 3 days ago (Thursday) but the exact same issue is still there. I really do not understand what is wrong and what else I can do to troubleshoot. If anyone has some pointers for me, I will surely accept them. Thanks, Mike

    Read the article

  • ASP.NET MVC: Using ProfileRequiredAttribute to restrict access to pages

    - by DigiMortal
    If you are using AppFabric Access Control Services to authenticate users when they log in to your community site using Live ID, Google or some other popular identity provider, you need more than AuthorizeAttribute to make sure that users can access the content that is there for authenticated users only. In this posting I will show you hot to extend the AuthorizeAttribute so users must also have user profile filled. Semi-authorized users When user is authenticated through external identity provider then not all identity providers give us user name or other information we ask users when they join with our site. What all identity providers have in common is unique ID that helps you identify the user. Example. Users authenticated through Windows Live ID by AppFabric ACS have no name specified. Google’s identity provider is able to provide you with user name and e-mail address if user agrees to publish this information to you. They both give you unique ID of user when user is successfully authenticated in their service. There is logical shift between ASP.NET and my site when considering user as authorized. For ASP.NET MVC user is authorized when user has identity. For my site user is authorized when user has profile and row in my users table. Having profile means that user has unique username in my system and he or she is always identified by this username by other users. My solution is simple: I created my own action filter attribute that makes sure if user has profile to access given method and if user has no profile then browser is redirected to join page. Illustrating the problem Usually we restrict access to page using AuthorizeAttribute. Code is something like this. [Authorize] public ActionResult Details(string id) {     var profile = _userRepository.GetUserByUserName(id);     return View(profile); } If this page is only for site users and we have user profiles then all users – the ones that have profile and all the others that are just authenticated – can access the information. It is okay because all these users have successfully logged in in some service that is supported by AppFabric ACS. In my site the users with no profile are in grey spot. They are on half way to be users because they have no username and profile on my site yet. So looking at the image above again we need something that adds profile existence condition to user-only content. [ProfileRequired] public ActionResult Details(string id) {     var profile = _userRepository.GetUserByUserName(id);     return View(profile); } Now, this attribute will solve our problem as soon as we implement it. ProfileRequiredAttribute: Profiles are required to be fully authorized Here is my implementation of ProfileRequiredAttribute. It is pretty new and right now it is more like working draft but you can already play with it. public class ProfileRequiredAttribute : AuthorizeAttribute {     private readonly string _redirectUrl;       public ProfileRequiredAttribute()     {         _redirectUrl = ConfigurationManager.AppSettings["JoinUrl"];         if (string.IsNullOrWhiteSpace(_redirectUrl))             _redirectUrl = "~/";     }              public override void OnAuthorization(AuthorizationContext filterContext)     {         base.OnAuthorization(filterContext);           var httpContext = filterContext.HttpContext;         var identity = httpContext.User.Identity;           if (!identity.IsAuthenticated || identity.GetProfile() == null)             if(filterContext.Result == null)                 httpContext.Response.Redirect(_redirectUrl);          } } All methods with this attribute work as follows: if user is not authenticated then he or she is redirected to AppFabric ACS identity provider selection page, if user is authenticated but has no profile then user is by default redirected to main page of site but if you have application setting with name JoinUrl then user is redirected to this URL. First case is handled by AuthorizeAttribute and the second one is handled by custom logic in ProfileRequiredAttribute class. GetProfile() extension method To get user profile using less code in places where profiles are needed I wrote GetProfile() extension method for IIdentity interface. There are some more extension methods that read out user and identity provider identifier from claims and based on this information user profile is read from database. If you take this code with copy and paste I am sure it doesn’t work for you but you get the idea. public static User GetProfile(this IIdentity identity) {     if (identity == null)         return null;       var context = HttpContext.Current;     if (context.Items["UserProfile"] != null)         return context.Items["UserProfile"] as User;       var provider = identity.GetIdentityProvider();     var nameId = identity.GetNameIdentifier();       var rep = ObjectFactory.GetInstance<IUserRepository>();     var profile = rep.GetUserByProviderAndNameId(provider, nameId);       context.Items["UserProfile"] = profile;       return profile; } To avoid round trips to database I cache user profile to current request because the chance that profile gets changed meanwhile is very minimal. The other reason is maybe more tricky – profile objects are coming from Entity Framework context and context has also HTTP request as lifecycle. Conclusion This posting gave you some ideas how to finish user profiles stuff when you use AppFabric ACS as external authentication provider. Although there was little shift between us and ASP.NET MVC with interpretation of “authorized” we were easily able to solve the problem by extending AuthorizeAttribute to get all our requirements fulfilled. We also write extension method for IIdentity that returns as user profile based on username and caches the profile in HTTP request scope.

    Read the article

  • Can't create add a SQL Server user: The login already has an account under a different user name.

    - by Zian Choy
    Environment: SQL Server 2005 Express Windows 7 When I installed SQL Server, I followed the instructions at http://msdn.microsoft.com/en-us/library/aa905868.aspx to set my computer's admin account as the SQL Server admin. However, when I try to access a database on my computer through Visual Studio 2008, I get the following error message: --------------------------- Microsoft Visual Studio --------------------------- The database 'Parkinsons' does not exist or you do not have permission to see it. Would you like to attempt to create it? --------------------------- Yes No --------------------------- Then, if I go to SQL Server and add a user to that database, I get the following error message: TITLE: Microsoft SQL Server Management Studio Express ------------------------------ Create failed for User 'zian'. (Microsoft.SqlServer.Express.Smo) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+User&LinkId=20476 ------------------------------ ADDITIONAL INFORMATION: An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo) ------------------------------ The login already has an account under a different user name. (Microsoft SQL Server, Error: 15063) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.4053&EvtSrc=MSSQLServer&EvtID=15063&LinkId=20476 ------------------------------ BUTTONS: OK ------------------------------ Why doesn't VS piggy back on the dbo account? If the dbo account is unusable, then why won't SQL Server let me make an account so that I can access my own data?

    Read the article

  • Disable the user of Internet explorer through policies when called from HTML help

    - by Stephane
    Hello, I have a locked down environment where users are prohibited from doing, well, basically anything but run the specific programs we specify. We just switched a program from using the venerable "WinHELP" help format to HTML help (CHM) but that seem to have an unwanted and rather dangerous side effect: when a user click on a hyperlink inside the HTML help, a new internet explorer window is opened and the user is free to browse and do terrible things to my server (well, not that much, but still...) I have checked the session in this case and the IE window is actually hosted within the help engine: there is no iexplore.exe process running in the user session (and it cannot: it's explicitly prohibited). We have disable all help right now until we find a solution. I'm working with the help team to have all external URLs removed from the help file but that is going to be a long and error-prone task. Meanwhile, I've checked all the group policies option but I have to say that I was unable to find anything that would prevent a standalone IE window hosted in a random process from running. I don't want to disable WinHTTP or the IE rendering engine or anything of the sort. But I need to prevent all users members of a specific AD user group from ever having an IE window displayed to them. The servers are running Windows 2003 and Citrix metaframe 4.5. Thanks in advance

    Read the article

  • SQL Server 2008: Getting Login failed for user "Domain\User". Failed to open the explicitly specified database [CLIENT: IP.ADD.RR.ESS]

    - by GodEater
    This is a very similar issue to " SQL Server 2008 login problem with ASP.NET application: Failed to open the explicitly specified database " which unfortunately seems to have gone unsolved. My issue here is subtly different. Firstly the account failing login is not 'NT AUTHORITY\NETWORK SERVICE' - it's an actual domain account. Secondly, there are two machines involved - I gathered from the first question it was a single machine running both the IIS and SQL instances. The application which is trying to connect to the database is an ASP.NET one running on another server (if that makes any different, I'm not sure it does.) The ConnectionString being used in the web.config for the application is : data source=MySQLServer;initial catalog=MyDatabase;integrated security=sspi; And the Application Pool is set to NetworkService for Identity. So - in the web app, I get the following error : Cannot open database "MyDatabase" requested by the login. The login failed. Login failed for user 'MyDomain\WebServerMachineName$' In the SQL Server logs I see : Login failed for user 'MyDomain\WebServerMachineName$'. Reason: Failed to open the explicitly specified database. [CLIENT: Web.Server.IP.Address] Running this bit of SQL against the database in question : USE [MyDatabase] GO SELECT SDP.name AS [User Name], SDP.type_desc AS [User Type], UPPER(SDPS.name) AS [Database Role] FROM sys.database_principals SDP INNER JOIN sys.database_role_members SDRM ON SDP.principal_id=SDRM.member_principal_id INNER JOIN sys.database_principals SDPS ON SDRM.role_principal_id = SDPS.principal_id Gets me this result : MyDomain\WebServerMachineName$ WINDOWS_USER DB_DDLADMIN MyDomain\WebServerMachineName$ WINDOWS_USER DB_DATAREADER MyDomain\WebServerMachineName$ WINDOWS_USER DB_DATAWRITER Which appears to me to indicate I've got the permissions right. Anyone have any idea why it's not working, or how I can narrow the issue down some more?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 142 143 144 145 146 147 148 149 150 151 152 153  | Next Page >