Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

Page 166/244 | < Previous Page | 162 163 164 165 166 167 168 169 170 171 172 173 | Next Page >

How to make AD highly available for applications that use it as an LDAP service

- by Beaming Mel-Bin

Our situation We currently have many web applications that use LDAP for authentication. For this, we point the web application to one of our AD domain controllers using the LDAPS port (636). When we have to update the Domain Controller, this has caused us issues because one more web application could depend on any DC. What we want We would like to point our web applications to a cluster "virtual" IP. This cluster will consist of at least two servers (so that each cluster server could be rotated out and updated). The cluster servers would then proxy LDAPS connections to the DCs and be able to figure out which one is available. Questions For anyone that has had experience with this: What software did you use for the cluster? Any caveats? Or perhaps a completely different architecture to accomplish something similar?

Read the article
New Session Failed

- by PhilPursglove

We've started to see instances on our Intranet server where for any page the server just responds with the error page 'HTTP/1.1 New Session Failed'. It seems we can fix it by running IISRESET but this feels like we're only treating the symptom. The server is a virtualised server running IIS6 on Windows Server 2003 with 0.5Gb of RAM. Our Intranet is written in ASP, but we also have ASP.NET 2.0 applications running on the web site. The site is set up for Anonymous and Integrated Authentication. What causes IIS to get into this error state? Could the server be saturated with requests i.e. we need to scale out and move some applications onto another server? I've seen KB210842 but I'm not sure it applies as that is applicable to IIS 4

Read the article
Lookup Active Directory entry by implicit UPN

- by Michael-O

In our company exists a forest-wide UPN suffix company.com and almost all user accounts have the explicit UPN set to [email protected]. This value is also set in the Active Directory userPrincipalName attribute. Now we have an application where users perform authentication through Kerberos. So we are given the Kerberos principal, i.e. implicit UPN. We'd like to look up that user and retrieve several LDAP attributes. Since iUPN and userPrincipalName do not match anymore, the lookup is not possible. Is there any "official" way to retrieve a mapping from the Active Direcory? My workaround is to perform a LDAP bind against the realm component and search for the sAMAccountName attribute which matches the user id component of the iUPN. Searching for the mere sAMAccountName in the forest is not possible because the value is unique in the domain only.

Read the article
How to authenticate users in nested groups in Apache LDAP?

- by mark

I've working LDAP authentication with the following setup AuthName "whatever" AuthType Basic AuthBasicProvider ldap AuthLDAPUrl "ldap://server/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" Require ldap-group CN=MySpecificGroup,OU=Security Groups,OU=MyBusiness,DC=company,DC=local This works, however I've to put all users I want to authenticate into MySpecificGroup. But on LDAP server I've configured that MySpecificGroup also contains the group MyOtherGroup with another list of users. But those users in MyOtherGroup are not authenticated, I've to manually add them all to MySpecificGroup and basically can't use the nested grouping. I'm using Windows SBS 2003. Is there a way to configure Apache LDAP to do this? Or is there a problem with possible infinite recursion and thus not allowed?

Read the article
What's the difference between sudo su - postgres and sudo -u postgres?

- by Craig Ringer

PostgreSQL users peer authentication on unix sockets by default, where the unix user must be the same as the PostgreSQL user. So people frequently use su or sudo to become the postgres superuser. I often see people using constructs like: sudo su - postgres rather than sudo -u postgres -i and I'm wondering why. Similarly, I've seen: sudo su - postgres -c psql instead of sudo -u postgres psql Without the leading sudo the su versions would make some sense if you were on an old platform without sudo. But why on a less than prehisoric UNIX or Linux would you use sudo su ?

Read the article
Accessing Windows 7 Printer from Ubuntu Linux via LPR/LPD or Samba

- by nitbuntu

Hi, I'm having difficulty printing from my Linux (Ubuntu 10.04) based PC to a printer connected to a Windows 7 machine. I was trying to connect using Samba (version 3.5.6) but this always brings up an authentication screen which never accepts any password I use. So I read somewhere that an alternative is to access the Windows printer via LPR/LPD. I added an LPR/LPD printer in Windows 7, but even within Windows 7, I am not able to print as the print que monitor shows as 'printer busy'. The printer in question is an Epson Stylus DX7400 and works fine when using the standard USB ports....but doesn't when I use with the LPR/LPD ports. I even opened up the TCP/IP port 515 in my McAfee firewall without any success. Any help with this would be highly appreciated. Additionally, does anyone have any idea how I can get Samba working for me?

Read the article
PostgreSQL under Mac OSX Lion. Wrong userpass?

- by Matt

I'm completely helpless, maybe you guys can help me out. I installed PostgreSQL under my new MacOSX Lion. When I try to connect to my localhost with pgAdminIII.app it says: Error connecting to the database: FATAL password authentication failed for user postgres I just have no idea what to do? Non of my passwords work. Neither my adminpass nor "postgres" nor anyhting else. I tried to install it again via the console where I found this helpful link: http://www.peerassembly.com/2011/08/...resql-on-lion/ However the problem is, that when I try to run createuser -a -d _postgres the same password problem appears again. I just can't seem to find a solution to this. Always wrong password. Btw. I have a new User called "PostgreSQL" on my machine after I installed postgres. Any ideas? I'm so stuck and I really need to make this work.

Read the article
How to close the logon process named NtLmSsp ?

- by Aristos

I have a windows 2003 server and time to time I am getting many login failures like this one. Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: xx.xx.xx.xx Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: XLHOST Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 173.45.70.100 <- hacker Source Port: 4722 AND Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: user Source Workstation: XLHOST Error Code: 0xC0000064 The question is, how can I close this process of login ?, what I have left open and some one can try to login ? Some notes: I login to the server using tunneling, nothing is open except dns, email, and web ports, not even ftp, and all default ports are change and hidden. I also monitor port scan and capture any one that try to find the hidden ports. Probably it is something open... Thank you in advanced.

Read the article
AirPlay over unicast DNS-SD. Anyone got it working?

- by Moduspwnens

We set up AirPrint using unicast DNS-SD on our campus about a year ago and it turned out to be a big success, so we're looking at trying to get AirPlay working so our faculty and students can wirelessly show content on our classroom projectors. There are still a couple of other things preventing an ideal implementation (username and password authentication, for starters), but I've been trying to set up a working demo nonetheless. Getting AirPrint working was basically just a matter of advertising the same records over a DNS-SD domain instead of the multicast (.local) one, but doing the same thing for AirPlay doesn't seem to cut it. The devices don't recognize the DNS-SD AirPlay servers as available. I've uploaded a screenshot of my DNS-SD configuration with the original (from AirServer, which works normally for multicast) here. I realize this is still a fairly new feature and documentation is lacking, but has anyone been able to get AirPlay working via DNS-SD? If it simply only works over multicast, I can accept that, but its potential is so appealing for us that I thought it'd be worth asking if anyone else has figured it out.

Read the article
Migrating LDAP user and password to SAMBA4 AD

- by Rudy Dajoh

As title suggests. We are migrating from OpenLDAP as user authentication to Samba 4 AD Domain. But I can't find any information on how to transfer passwords and users to Samba 4 AD. How to migrate all LDAP user base at ou=People,dc=company,dc=com to samba 4 AD domain? I don't need to assistance transferring everything, I only need to transfer user accounts. I've finished migrating them all but user/passwords. Can it be done? If so, how?

Read the article
Can't login to SQL Server after moving machine to different office/domain

- by Dan

Our company has just been bought and the over the weekend I have brought up the last few machines to plug into their network (they are under a different Windows Domain). The last machine is our Vault system and the SQL Server was using Windows Authentication. I have plugged it into their network and its working fine, but i cannot connect to SQL Server with Management Studio and, I fear, no backup jobs will also be working. When I try to login under Windows Auth, it has the user name of "NEWDOMAIN\Administrator" (greyed out) and then presents a "login failed" message with error code "18456". Can anyone help me with this, or will I just have to reinstall SQL Server, Vault and restore the backup I took before the move?

Read the article
disable RADIUS for Cisco 2500 wireless controller

- by Tim Vaughan

I have a Cisco 2500 wireless controller and four lightweight access points. I want to use the controller to manage a wireless network secured by WPA only, without using RADIUS or anything else. We'll handle the authentication using a captive portal behind the access points. However, it seems like the controller's default security policy requires a RADIUS server and I can't find out how to switch the policy off. The documentation assumes I'm in an environment which needs heavy-duty security and the use case is actually a small charity/business with much less stringent security requirements. How do I disable the complicated security policy and instead run a simple one that just uses WPA?

Read the article
Meraki's Accounting-Requests to RADIUS server

- by PachinSV

I'm running a RADIUS server with some Meraki APs, the process of Authentications is fine... But it seems that the Meraki Cloud Controller is just sending the authentication packets and not the accounting requests. I've tested the RADIUS sending accounting requests with the radclient tool (locally) and it worked. I think that maybe my RADIUS server is ignoring the accounting requests from the MCC because there are some Vendor Specific Attributes that my RADIUS doesn't know. should I add a Meraki's dictionary to my RADIUS configurations? I'm kind of desperate, any idea?

Read the article
Solaris 10 opencsw git package issue with bitbucket git hosting

- by zephyrus00jp

Has anyone tried using `git' from opencsw package in order to work with bitbucket source hosting service (under solaris10)? I tried to use git as the bitbucket documentation explains, and - under Debian GNU/Linux, it worked flawlessly as described, but - under Solaris 10, I got Authentication Failed message. I even tried to run truss to see anything is suspicious but could not find any smoking gun under solaris why it failed. ldd git-binary didnd't show anything suspicious either (except for the libcrypt library which could be a suspicious to think about export restrictions. Have they shipped incompatible version? BUT since the password is typed into https: connection, I suspect it is only a matter of web-level cryptography and should be universal these days.) I am now tempted to compile git suite under solaris 10, but I did find people who seem to be using git with bitbucket under solaris 10 and am wondering what could be wrong.

Read the article
RODC password replication and A/D sites and subnets

- by Gregory Thomson

I work at a school district with about 30 school sites. Windows 2008 A/D setup - all central at the district office. In A/D, all is under one site, and no subnets defined. One A/D forest and only one domain under that. We're now looking to start putting RODCs at the schools to put the authentication and DNS out there closer to them. I haven't worked with A/D sites and subnets, and only a little with RODC password replication. But just got an invite to a meeting to talk about this tomorrow... If we start breaking down the A/D pieces into sites/subnets, can we also use that as a way to help apply an RODC password replication policy in a way that matches so that only each school sites' users passwords are replicated/cached on their RODC?

Read the article
Backup Exec backup-to-disk folder creation - Access denied

- by ewwhite

I'm having a difficult time creating a backup-to-disk folder in Symantec Backup Exec 12.5 and Backup Exec 2010. The backend storage is a Nexenta/ZFS-based NAS filer sharing the volume via CIFS. I've also seen the issue on other *nix-based NAS devices. I've attempted mapping the drive, providing the full paths to the folder, etc. I can browse to the share just fine from within Windows, but Backup Exec fails to create the B2D folder with different variants of a Unable to create new backup folder. Access denied error. I've attempted creating service accounts in Backup Exec to handle the authentication, but nothing seems to work. What's the key to making this work?

Read the article
Run script when shutting down ubuntu before the logged in user is logged out

- by Travis

I'm writing a script to backup some local directories on a unix machine (Ubuntu) to a samba drive. The script works fine and I've got it running at shutdown and restart using the method described at http://en.kioskea.net/faq/3348-ubuntu-executing-a-script-at-startup-and-shutdown It works by placing the backup script into the /etc/rc6.d and /etc/rc0.d directories. However there is a problem. After looking at the scripts logfile it seems to be run after the user is logged out. We are using LDAP authentication and when the user logs out, the system cannot backup to their samba share. Does anyone know of anyway to run the script before the user is logged out?

Read the article
Windows 7 connect to Lion file sharing

- by McKvack

Trying to access my Mac from a Windows 7 computer, I fail with the infamous error 86 incorrect password. Now this appears to be a well-known problem with countless threads on the internet giving as many "solutions" as there are discussion threads about it (mostly ranging from installing third-party commercial samba servers, to switching to some other protocol, to compiling a plain-vanilla Samba installation - the latter which I will probably do when I give up this :) ) I am stubborn, and I believe there must be some problem here that can be solved or worked around, but there is surprisingly little detail about this problem. It appears to have something to do with a mismatch of authentication methods. Trying to run samba in debug mode: sudo /usr/sbin/smbd -debug -stdout gets me this output when trying to access it from Win 7 ... smb1_dispatch_one [smb_dispatch.cpp:377] dispatching SMB_COM_SESSION_SETUP_ANDX smb1_dispatch_session_setup [session_setup.cpp:261] FIXME erase existing sessions log_gss_error [gssapi_mechanism.cpp:97] gssapi: gss-code: Miscellaneous failure (see text) log_gss_error [gssapi_mechanism.cpp:113] gssapi: mech-code: unknown mech-code 22 for mech unknown What is the problem here, and how do I fix it?

Read the article
need help upgrading small business wifi network

- by Henry Jackson

Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals: wifi roaming between the access points user-based authentication that isn't as annoying as MAC address filtering. 1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade linksys routers, is it possible to do this without getting new hardware? 2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers, can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good).

Read the article
Windows 2008 Domain Controller - Backup (BDC) to Primary (PDC)

- by Klaptrap

I have created a new domain controller with my single domain forest. I have also made it DHCP and DNS ready - all 3 services have synchronised with the existing W2K8 domain controller. I even migrated the FSMO roles and thought everything was fine. Indeed all machines on network appear to obtain DHCP and DNS from new server and the AD is working on the new server as my internal website uses it for login authentication. I have just noticed, via BgInfo - Sys Internals - that the new server is showing as "backup" and the old as "primary" - I thought I had already achieved this. Have the FSMO roles swapped back - as I have yet to have removed the old server from AD (dcpromo). Do I need to do anything before I run dcpromo on the old server? Any thoughts appreciated....

Read the article
need help upgrading small business wifi network

- by Henry Jackson

Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals: wifi roaming between the access points user-based authentication that isn't as annoying as MAC address filtering. 1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade linksys routers, is it possible to do this without getting new hardware? 2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers, can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good).

Read the article
need help upgrading small business wifi network

- by Henry Jackson

Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals: wifi roaming between the access points user-based authentication that isn't as annoying as MAC address filtering. 1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade linksys routers, is it possible to do this without getting new hardware? 2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers, can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good).

Read the article
MSDTC on server x is unavailable

- by Fishcake

I have Windows Server 2003 running in a virtual machine, running some software that is trying to update a database within transactions on my Windows 7 machine (the host for the VM). On my host I have edited the settings for Local DTC by selecting the following Client and Administration Allow Remote clients Allow Remote administration Transaction manager communication Allow inbound Allow outbound No authentication required However when I try to run the software I receive this error: MSDTC on server 'x' is unavailable. Whilst searching for fixes most just suggest making sure the service is running which I have. Cheers!

Read the article
Web based interface for open SSL client certificates

- by Felix

Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient. Atm, I am using a serverside shellscript to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?

Read the article
media is write protected when using diskshadow.exe, start-bitstransfer powershell cmdlet

- by Aaron - Solution Evangelist

i am trying to use the powershell start-bitstransfer cmdlets to transfer a file i have exposed using a vss snapshot (via diskshadow), but unfortunately i am receiving the following error: Start-BitsTransfer : The media is write protected. At line:1 char:49 + Import-CSV c:\hda1\bits.txt | start-bitstransfer <<<< -transfertype upload -Authentication "Basic" -Credential $cred + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exception + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.BackgroundIntelligentTransfer.Management.NewBits TransferCommand we really want to utilize the bits endpoint we are attempting to transfer the files to. is there any other way we can go about this (aside from copying the files elsewhere first, unless we can copy one slice at a time and transfer that)?

Read the article

< Previous Page | 162 163 164 165 166 167 168 169 170 171 172 173 | Next Page >