Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

Page 265/388 | < Previous Page | 261 262 263 264 265 266 267 268 269 270 271 272 | Next Page >

"Account locked out" security event at midnight

- by Kev

The last three midnights I've gotten an Event ID 539 in the log...about my own account: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 539 Date: 2010-04-26 Time: 12:00:20 AM User: NT AUTHORITY\SYSTEM Computer: SERVERNAME Description: Logon Failure: Reason: Account locked out User Name: MyUser Domain: MYDOMAIN Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: SERVERNAME Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: - It's always within a half minute of midnight. There are no login attempts before it. Right after it (in the same second) there's a success audit entry: Logon attempt using explicit credentials: Logged on user: User Name: SERVERNAME$ Domain: MYDOMAIN Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: MyUser Target Domain: MYDOMAIN Target Logon GUID: - Target Server Name: servername.mydomain.lan Target Server Info: servername.mydomain.lan Caller Process ID: 2724 Source Network Address: - Source Port: - The process ID was the same on all three of them, so I looked it up, and right now at least it maps to TCP/IP Services (Microsoft). I don't believe I changed any policies or anything on Friday. How should I interpret this?

Read the article
Unable to edit CIFS Share permissions

- by Datapimp23

Hi, I have this backup Disk to disk device HP Storageworks 2540i. Managing the device is via a web interface. I joined the device into our AD domain in the CIFS server configuration. I then created a CIFS share called backupdata. If I try to access it I'm prompted for a login. The permissions tab in the web interface is empty. The following message is displayed. "CIFS Authentication is managed through Active Directory" However I do not find the share in AD. I forced replication between all DCs and I do not find it. Is there another way to edit the permissions?

Read the article
Rewrite request URI based on Host header in HAProxy

- by DorinC

I would like to set up HAProxy to forward HTTP requests to some backend servers but I need it to also rewrite the URI part based on the Host. I've read through the doc but it seems that reqirep isn't suitable for this purpose. Any idea if this is even possible with HAProxy? Here are the details of what I'm trying to accomplish: Requests that come in on: http://www.original-domain.com/ would be balanced between: http://server1/domains/www.original-domain.com/ ... http://serverN/domains/www.original-domain.com/ The proxy should be able to handle this for any number of domains (original-domain.com can be anything, it's not limited to a fixed set of values). For this to work HAProxy would need to rewrite a request like this: GET /original-uri HTTP/1.1 Host: original-domain.com to: GET /domains/original-domain.com/original-uri HTTP/1.1 Host: serverN and forward that request to one of the internal servers.

Read the article
How a password is transmited to AD Server

- by erdogany

My question is how ADSI performs SetPassword operation. According to what I have read ADSI is a COM interface and it has more capabilities than AD provides through LDAP. While you are suppose to update unicodePwd attribute of a personaccount entity through LDAP, ADSI provides you SetPassword call. I know that ADSI & AD provides Kerberos during authentication. So how the password is transmitted to server when SetPassword is called? Is it raw binary unencrypted data? Or does Kerberos comes into play at this call?

Read the article
Using 2 Transparent HAProxy for load balancing

- by Nyxynyx

We can configure HAProxy to be a transparent proxy by using the guide here, where one of the steps says ...to put the backend servers in a different subnet to the front end clients and make sure that the default gateway points back at the HAProxy load balancer. However when we need to have 2 transparent HAProxy in front of our balanced servers (for redundancy), it seems like this wont work as we can only set one gateway for our balanced servers. What will be the correct way to setup the system such that we can have 2 transparent HAProxy infront of the balanced servers? The main reason for having transparent proxies is the need to find the client's IP addresses over TCP.

Read the article
2 routers, both DHCP, no IP assigned

- by piobyz

I can't get DHCP to assign IP to my wireless devices. My network config is as follows: Nanostation5 Linksys WRT350N, which is connected with Nanostation via its INTERNET port. Nanostation: LAN IP Address: 192.168.1.20 WLAN IP Address: 192.168.0.79 Network Mode: Router and is getting its IP via DHCP from my ISP Netmask: 255.255.255.0 Gateway IP: 192.168.1.1 LAN Network settings: IP Address: 192.168.1.20 Netmask: 255.255.255.0 Enable NAT: YES ENABLE DHCP Server: YES Range 192.168.1.100 ~ 250 Netmask: 255.255.255.0 Enable DNS Proxy: YES Linksys: Internet Connection Type: DHCP Router IP: 192.168.2.1 Subnet Mask: 255.255.255.0 DHCP: Enabled Start IP: 192.168.2.100 ~ 120 Advanced Routing: NAT: Enabled What I can do is connecting manually with this config: IP: 192.168.2.101 Subnet Mask: 255.255.255.0 Router: 192.168.2.1 DNS: 192.168.1.20 Search domains: WRT350N I want to be able to connect to both routers independently(now its 192.168.1.20 for Nanostation, and 192.168.2.1 for Linksys) and connect any wireless device using DHCP. What should be IP ranges, masks, etc. on both devices?

Read the article
Domains propagation issues.

- by Andrew

Hello to all. I got very strange issue, really weird. On weekend, May 9th I changed my server location from US to UK. Of course, everything works correctly excluding domains. There's something wrong. I got few domains on this server but I still cannot access them. When I try from the other location it works correctly. The most funny situation is that everything is working correctly from my girlfriend's work, about 500 meters from our house, but they have another ISP. It also works when I access the domains via proxy server. I checked who.is informations and everything seems to be working. On Sunday and today morning I was able to access my domains but only for a while. When I refreshed website second time I got error "Firefox was not able to connect server". Since then I'm still getting this error. Could it be my ISP fault? Regards, Andrew

Read the article
Return http status ok (200) on request method OPTIONS Apache

- by jazz

I have a apache server which uses Reverse Proxy to connect/direct to a tomcat server. Using virtualHost, RequestHeader set X-Forwarded-Proto "http" ServerName image.abc.local DocumentRoot "/var/www/html" ProxyRequests Off ProxyTimeout 600 ProxyPass /abc http://image.abc.local:9001/abc ProxyPass /xyz http://image.abc.local:9001/xyz ProxyPassReverse /abc http://image.abc.local:9001/abc ProxyPassReverse /xyz http://image.abc.local:9001/xyz what i want to achieve here is that, when there is a REQUEST_METHOD OPTIONS i want simply return HTTP status OK (200). I dont want the request to be received by the tomcat server and process it. For performance based concerns i want this request to be handled at apache level. with all the research i was still unable to get this to run; RewriteEngine on RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule .* - [R=200m] can somebody assist me with what rewrite rule should be there? or is there an alternative to RewriteEngine? Thanks

Read the article
Is there a way to allow administrators to change or reset user passwords?

- by Jon Seigel

We have a custom MembershipProvider implementation using form-based authentication (FBA) under Sharepoint 2007. I've searched high and low on Google, but only found: Active directory and FBA implementations to allow users to change their own password Active directory instructions (including video!) for administrators to change other users' passwords Have we missed an option to enable the latter under FBA? Should this work by default and is the MembershipProvider misbehaving? The procedure to do this as under active directory would be ideal, but the "Change Password" link does not appear in the Edit User screen. We verified that the logged-in user is a site collection administrator.

Read the article
Postfix tutorial inconsistency

- by Desmond Hume

I'm following this tutorial to setup a Postfix/Dovecot mail server with Postfix Admin as a web front end. As regards directory structure for virtual mail users, the author of the tutorial writes: Virtual mail users are those that do not exist as Unix system users. They thus don't use the standard Unix methods of authentication or mail delivery and don't have home directories. That is how we are managing things here: mail users are defined in the database created by Postfix Admin rather than existing as system users. Mail will be kept in subfolders per domain and account under /var/vmail - e.g. [email protected] will have a mail directory of /var/vmail/example.com/me. But when he gives instructions about configuring Postfix Admin, he suggests this to be contained by Postfix Admin's config.inc.php: // Mailboxes // If you want to store the mailboxes per domain set this to 'YES'. // Examples: // YES: /usr/local/virtual/domain.tld/[email protected] // NO: /usr/local/virtual/[email protected] $CONF['domain_path'] = 'NO'; Is there an inconsistency?

Read the article
Good option for a transparent internet gateway on Mac OS X

- by Gareth

Hi I have a small network of Mac systems, and would like to add some internal monitoring of our internet usage, which has recently begun to climb. I would like to configure one of the machines as an internet gateway, and install some monitoring software that could provide graph indications of network usage by machine. The machine would then double as a workstation and as the internet gateway. I can manually configure the machines on the network to use it as a gateway, and would prefer to avoid an explicit http proxy (although it is an option if necessary). What software would serverfault users recommend to provide simple, easily configurable and maintainable network monitoring on Mac OS 10.5.7 (non-server)? The simplest requirement is monitor usage by IP Address, but additional tracking (e.g. destination, protocol, etc) would be useful.

Read the article
Virtual Box ie7 won't connect to the internet

- by j-man86

I use IE7 & IE8 disk images from microsoft and Virtual Box to test my websites in IE. One day I stopped being able to connect to the internet with virtual box, seemingly after trying to alter proxy related settings to view Hulu.com outside of the U.S... I don't know whether it's coincidence or not. Anyway, I am using the 'PCnet-FAST III (NAT)' adapter with virtual box. Can you guys help me troubleshoot this issue? What information do you need on my current settings? Thanks so much!

Read the article
Mac OSX Server: svn via ssh command line and encrypted passwords.

- by Ben Clayton

Hi all. When I log into our mac mini server running OSX 10.6 via ssh and use svn I get the message: ATTENTION! Your password for authentication realm: can only be stored to disk unencrypted! You are advised to configure your system so that Subversion can store passwords encrypted, if possible. See the documentation for details. You can avoid future appearances of this warning by setting the value of the 'store-plaintext-passwords' option to either 'yes' or 'no' in '/Users/xxxxxxxx/.subversion/servers'. I dont' want to store the password unencrypted though. I've found some details on how to use GNOME keychain in linux to sort this, but nothing on how to use macosx's keychain. Anyone got any ideas? Thanks a lot!

Read the article
Trouble getting FTP login to work in IIS6

- by Frank Rosario

Hello all, I'm trying to setup an FTP site for one of my clients to pickup files from us using IIS6. I've created the FTP site, have set to not isolate users (not necessary as FTP will be read only with authentication). Here's the problem. The FTP is to be password protected, so I turned of anonymous access on the FTP site. I then created a ftpuser account on the machine, and gave it read and browse directory permissions on the ftp's root directory. However, when I go to test the ftpuser login, I get a 530 "ftpuser cannot login" error. However, if I browse to same directory over HTTP (anonymous access turned off as well) and enter the ftpuser login info, I can download files and browse directories successfully. Why is the ftpuser working over HTTP but not FTP? Shouldn't I be able to login over FTP with the ftpuser login information I just created? Thanks in advance, - Frank

Read the article
How can I download django-1.2 and use it across multiple sites when the system default is 1.1?

- by meder

I'm on Debian Lenny and the latest backports django is 1.1.1 final. I don't want to use sid so I probably have to download django. I have my sites located at: /www/ and I plan on using mod_wsgi with Apache2 as a reverse proxy from nginx. Now that I downloaded pip and virtualenv through pip, can someone explain how I could get my /www/ sites which are yet to be made to all use django-1.2? Question 1.1: Where do you suggest I download django-1.2? I know you can store it anywhere but where would you store it? Question 1.2: After installing it how do you actually tie that django-1.2 instead of the system default django 1.2 to the reverse proxied Apache conf? I would prefer it if answers were more specific than vague and have examples of setups.

Read the article
Logging all Firefox HTTP Request Headers?

- by Hayek

I'm using Ruby+Watir to request pages through Firefox. I would like to record the headers and content of every http request made through the browser. Would it be possible to configure a proxy solution to store this information, either in a file or pipe it into an application? I'm running Ubuntu x64. // Edit: I would like to store the data in logs because I would like to view it later. Preferably, I am looking for a solution that runs quietly in the background and stores the headers/content in files.

Read the article
Asp.net hashing (using codesmith) when upgrading from .net 2.0 to 3.5

- by user34505

Hi, I'm administrating servers running IIS 6, hosting a website on ASP.NET 2.0. Yesterday I installed .Net framework 3.5, and all my user authentication system was lost. Users can't log in, because their password arn't getting authenticated, maybe because the hash function has changed in 3.5??? I can't really get to the code, but I know it uses an extention called CodeSmith. Do you know of any break my upgrade the 3.5 ugrade could couse? Please help. Thanks.

Read the article
How to configure the roles in my tomcat application to work with JNDI(WIN AUTH)

- by Itay Levin

Hi, I'm trying to change the authentication mode of my application from JDBC-REALM to JNDI-REALM. I configured the following section inside the Server.xml <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://****:389/DC=onsetinc,DC=com??sAMccountName?sub?(objectClass=*)" connectionName="[email protected]" connectionPassword="password" userBase="CN=Users" referrals="follow" userSearch="(sAMAccountName={0})" userSubtree="true" roleBase="CN=Users" roleName="name" roleSubtree="true" roleSearch="(member={1})"/> I have also configured the web.xml under my appfolder to contain the following: <security-role> <role-name>Admin</role-name> </security-role> <security-role> <role-name>WaterlooUsers</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>Tube</web-resource-name> <url-pattern>/ComposeMessage.jsp</url-pattern> <url-pattern>/PageStatus.jsp</url-pattern> <url-pattern>/UserStatus.jsp</url-pattern> <url-pattern>/SearchEC.jsp</url-pattern> <url-pattern>/SearchEC2.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsEC.jsp</url-pattern> <url-pattern>/SearchMessageStatus.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsPager.jsp</url-pattern> <url-pattern>/SearchPageStatus.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>WaterlooUsers</role-name> </auth-constraint> </security-constraint> In my Active directory i have created a new group called WaterlooUsers It's distinguish name is : distinguishedName: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com It has a property member which contains the following user: member: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com (which is my user) My record on the active directory looks like that: sAMAccountName: itayL distinguishedName: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com memberOf: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com and when i get the popup for user/password i enter the username "ItayL" in the authentication message box (and my password) I have 2 questions: How do i configure correctly the roles parameters correctly in the Realm section in the server.xml to enable me to both authenticate and authorize both this group of users WaterlooUsers and also assign them to the appropriate role so that they can see all the relevant pages in my website. - currently it seems that all the Users in my domain are authenticated to the site but get the http-403 Error and can't access any of the pages in the site. I also want to be able to create 2 different set of roles in my site - which can both have access to the same pages - but will see different things on the page. (for instance adding some administrative ability to the admin) Hope it was clear enough and not too long. Thanks in advance, Itay

Read the article
VirtualBox - Mac OSX host Win7 guest - no Internet access for guest VM

- by nodelayheehoo

I have a Mac running OSX 10.9.2, and I just downloaded and installed a Win7 IE9 VM in VirtualBox. My Mac uses Wi-Fi for internet access, and it's behind a proxy (it's a work machine). VirtualBox loads the VM fine, and at some point the VM can see the DNS servers of the host. But I've never been able to make the VM have internet access. I've tried all kinds of combinations of Network settings on the VM via the VirtualBox Settings, in conjunction with Internet Sharing in OSX's System Preferences, but no luck. Has anyone done a similar setup and made the VM successfully connect to the Internet? Thanks in advance for any inputs. [ Update: I was able to get internet access for the VM when the host was using my home network. When I ran the VPN software to connect to the work network, the internet access went away again.] (Initially posted this on stackoverflow.com, but it was put on hold as off-topic by several users, and was advised to ask here instead)

Read the article
How can I create an external SSL wrapper/tunnel page for an insecure webpage behind a firewall?

- by Ross Rogers

I have an security cam with a built-in webpage inside my home network. That camera is using basic HTTP authentication instead of SSL. I want to be able to access the camera's webpage from outside my network, but I don't want to open an unencrypted video stream to the outside world. Right now, I'm doing some cumbersome ssh tunneling where I bounce off an ssh server like: ssh -N -L 9090:CAMERA_IP:80 [email protected] and then I connect to my web page like: http://localhost:9090 But this is a pain. Now, gentle reader, I beseech you to tell me how I can use linux (Ubuntu) to get a fully encrypted SSL connection to my internal web page without the hassle of creating an ssh tunnel each time. I believe I can use stunnel, but I'm not sure of the command.

Read the article
Blocking the Apple OS X App Store

- by Jon Rhoades

Being the evil corporate IT overlords we need to block the new OS X App Store. As you may be aware the 10.6.6 update installs the App Store App which allows users to download and install apps without admin privileges. Some Suggestions: Don't update to 10.6.6+ Use parental controls Presumably some OD policy (if you have an OD server which we don't) Block the App store by DNS or Proxy Not updating to 10.6.6+ isn't really a long term solution as it contains security fixes and new Macs will come with it anyway. Blocking the App store at a network level doesn't solve laptop users. Ideally a simple system preference or editing of a plist that can be pushed out by ARD would be the best solution. Please note the question isn't should we block the App store, it's how we can block the App store.

Read the article
Kerberos: connection from win app running from IIS to SQL failed

- by Mikhail Kislitsyn

I have an IIS web-application with Windows authentication and impersonation. This application connects to SQL server. In this case Kerberos works fine. But there is a problem. Web-application runs windows application (not .NET), which also connects to the SQL server. Windows application runs with IIS app user credentials and impersonates current site user to connect to SQL server. scheme: http://i.stack.imgur.com/2cgv7.png When delegation for IIS user is set to "Trust this computer for delegation to any service" everything works fine. But I can't use this type of delegation according to security requirements. When I set delegation to "Specific services" and choose MSSQLSvc SPN, connection from windows application fails with "ANONIMOUS" fault. WireShark shows "KRB5KDC_ERR_BADOPTION" packet. What I'm doing wrong?

Read the article
Certain web pages are suddenly not rendering properly in FireFox

- by LeopardSkinPillBoxHat

I am using FireFox 3.6.3. I noticed in the last couple of days that several webpages which I visit regularly are not rendering properly. A lot of the text is overlapping with other text and it basically looks like the style sheet is completely screwed up. I have tried disabling all of my Add-Ons and it doesn't make a difference. When I use Coral IE Tab to render the pages using IE they display without any problems. The websites which are not rending properly for me are: The Age Google Reader One interesting thing I noticed is that if I modify the Google Reader URL to not use SSL (i.e. change https to http) it renders without any issues. However, The Age website is not using SSL, and that still doesn't render properly. I have also disabled my Proxy Server (I normally use one at work) but this doesn't make a difference either.

Read the article
What to do if I can't ping my DNS?

- by Moshe Lewin

On my Windows XP SP3 machine I can only browse (with any browser) by putting in an ip address. If I put in any domain name it doesn't work. Skype and IM work. In command prompt nslookup works to resolve the name to an ip address, but ping does not work using a domain name, only using the ip address. Other computers on the same network can surf the net normally without any problems. I am not using a proxy. I already reset winsock and tcpip stack to no avail. Can anyone help me solve the problem?

Read the article
Why is DAVExplorer not connecting?

- by C.W.Holeman II

DAVExplorer is not connecting. Connecting to a WebDAV Server states: Once you have entered a location URL, and (if necessary) your login name and password, DAV Explorer will connect to the remote WebDAV server, and request a listing of the resources there. A hierarchical view of the sub-collections will be displayed Invoke Apache Jackrabbit $ java -jar jackrabbit-standalone-2.0.0.jar --port 8200 Welcome to Apache Jackrabbit! ------------------------------- Using repository directory jackrabbit Writing log messages to jackrabbit/log Starting the server... Apache Jackrabbit is now running at http://localhost:8200/ Use DAVExplorer $ java -jar DAVExplorer.jar Then connect to localhost:8200/repository/default/ which pops up: Login ===== Login name: [admin] Password: [admin] <OK> The pop up closes then nothing changes. Using cadaver confirms Jackrabbit is working: $ cadaver http://localhost:8200/repository/default/ Authentication required for Jackrabbit Webdav Server on server `localhost': Username: admin Password: dav:/repository/default/> ls Listing collection `/repository/default/': succeeded. Coll: com 0 Mar 13 11:07 Coll: it 0 Mar 13 11:07 Coll: net 0 Mar 13 11:07 Coll: org 0 Mar 13 11:07 Coll: za 0 Mar 13 11:07

Read the article

< Previous Page | 261 262 263 264 265 266 267 268 269 270 271 272 | Next Page >