Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

Page 270/388 | < Previous Page | 266 267 268 269 270 271 272 273 274 275 276 277 | Next Page >

Unix domain socket firewall

- by lagab

Hello, everyone. I've got a problem with my debian server. Probably there is some vulnerable script at my web-serser, which is running from www-data user. I also have samba with winbind installed, and samba is joined to windows domain. So, probably this vulnerable script allows hacker to bruteforce out domain controller through winbind unix domain socket. Actually I have lots of such lines at netstat -a output: unix 3 [ ] STREAM CONNECTED 509027 /var/run/samba/winbindd_privileged/pipe And our DC logs contain lots of recorded authentication attems from root or guest accounts. How can I restrict my apaches access to winbind? I had an idea to use some kind of firewall for IPC sockets. Is it possible?

Read the article
openldap proxied authorization

- by bemace

I'm having some trouble doing updates with proxied authorization (searches seem to work fine). I'm using UnboundID's LDAP SDK to connect to OpenLDAP, and sending a ProxiedAuthorizationV2RequestControl for dn: uid=me,dc=People,dc=example,dc=com with the update. I've tested and verified that the target user has permission to perform the operation, but I get insufficient access rights when I try to do it via proxy auth. I've configured olcAuthzPolicy=both in cn=config and authzTo={0}ldap:///dc=people,dc=example,dc=com??subordinate?(objectClass=inetOrgPerson) on the original user. The authzTo seems to be working; when I change it I get not authorized to assume identity when I try the update (also for searches). Can anyone suggest what else I should look at or how I could get more detailed errors from OpenLDAP? Anything else I can test to narrow down the source of the problem?

Read the article
Windows 7 connect to Lion file sharing

- by McKvack

Trying to access my Mac from a Windows 7 computer, I fail with the infamous error 86 incorrect password. Now this appears to be a well-known problem with countless threads on the internet giving as many "solutions" as there are discussion threads about it (mostly ranging from installing third-party commercial samba servers, to switching to some other protocol, to compiling a plain-vanilla Samba installation - the latter which I will probably do when I give up this :) ) I am stubborn, and I believe there must be some problem here that can be solved or worked around, but there is surprisingly little detail about this problem. It appears to have something to do with a mismatch of authentication methods. Trying to run samba in debug mode: sudo /usr/sbin/smbd -debug -stdout gets me this output when trying to access it from Win 7 ... smb1_dispatch_one [smb_dispatch.cpp:377] dispatching SMB_COM_SESSION_SETUP_ANDX smb1_dispatch_session_setup [session_setup.cpp:261] FIXME erase existing sessions log_gss_error [gssapi_mechanism.cpp:97] gssapi: gss-code: Miscellaneous failure (see text) log_gss_error [gssapi_mechanism.cpp:113] gssapi: mech-code: unknown mech-code 22 for mech unknown What is the problem here, and how do I fix it?

Read the article
Trying to test Domain Collapsing / Consoldiation validity for SEO purposes

- by Roy Rico

At work, we're trying to determine the effectiveness of domain collapsing for SEO purposes. Our current structure is to have multiple web apps served from different servers, such as PUBLIC URLS - directly accessed by users www1.somecompany.com/webapp1 www2.somecompany.com/webapp2 www3.somecompany.com/webapp3 I'm proposing to put an Apache proxy in front of these applications that will mask the different domains and route the requests to proper server PUBLIC URL--------routed/forwarded to-----PRIVATE URL www.somecompany.com/webapp1 <-----> www1.somecompany.com/webapp1 www.somecompany.com/webapp2 <-----> www2.somecompany.com/webapp2 www.somecompany.com/webapp3 <-----> www3.somecompany.com/webapp3 In terms of SEO/page rank value, does this help?

Read the article
Why can't I access a particular website even though the server appears to be available

- by 50ndr33

I can't access http://www.lynda.com/ with any of my browsers on my home network. By checking http://www.downforeveryoneorjustme.com/, I can see that the server is up and I can access it via a proxy like TOR. This screen appears immediately after I type the page in It doesn't even try to load the page, it seems. Though when I ping the server I get this: I tried to do ipconfig /flushdns. But it didn't help either. Anyone know how to fix this?

Read the article
Lookup Active Directory entry by implicit UPN

- by Michael-O

In our company exists a forest-wide UPN suffix company.com and almost all user accounts have the explicit UPN set to [email protected]. This value is also set in the Active Directory userPrincipalName attribute. Now we have an application where users perform authentication through Kerberos. So we are given the Kerberos principal, i.e. implicit UPN. We'd like to look up that user and retrieve several LDAP attributes. Since iUPN and userPrincipalName do not match anymore, the lookup is not possible. Is there any "official" way to retrieve a mapping from the Active Direcory? My workaround is to perform a LDAP bind against the realm component and search for the sAMAccountName attribute which matches the user id component of the iUPN. Searching for the mere sAMAccountName in the forest is not possible because the value is unique in the domain only.

Read the article
Sharepoint database connection issue after upgrade to SQL Server 2008 R2

- by Neil Hoff

I took a backup of all our Sharepoint WSS 3.0 databases and restored them to a new Windows 2008 R2 server. The new SQL server has the same name and IP address as the old one. The only difference between the two is the new one has SQL 2008 R2 and the old one has SQL 2005. When I navigate to the sharepoint url I get this error: Cannot connect to the configuration database. I checked the logs at this location: "%commonprogramfiles%/Microsoft Shared/web server extensions/12/Logs" and found this error: System.Data.SqlClient.SqlException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. Any ideas?

Read the article
need help upgrading small business wifi network

- by Henry Jackson

Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals: wifi roaming between the access points user-based authentication that isn't as annoying as MAC address filtering. 1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade linksys routers, is it possible to do this without getting new hardware? 2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers, can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good).

Read the article
Debian on Hyper-V

- by Tobia

I installed Debian with kernel 2.6.32-5-686 on a Hyper-V virtual machine. I had to add a legacy network card. I follow this tutorial http://www.microsofttranslator.com/bv.aspx?ref=Internal&from=ru&to=en&a=http://blogs.technet.com/b/abeshkov/archive/2011/03/17/hyperv_5f00_debian.aspx to add Hyper-V driver but when I reboot with the new kernel it crash during bootup. Is there any other way to load hyper-v drivers? I really need to change that legacy network card because my debian machine is going to be used as proxy. Thank you.

Read the article
media is write protected when using diskshadow.exe, start-bitstransfer powershell cmdlet

- by Aaron - Solution Evangelist

i am trying to use the powershell start-bitstransfer cmdlets to transfer a file i have exposed using a vss snapshot (via diskshadow), but unfortunately i am receiving the following error: Start-BitsTransfer : The media is write protected. At line:1 char:49 + Import-CSV c:\hda1\bits.txt | start-bitstransfer <<<< -transfertype upload -Authentication "Basic" -Credential $cred + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exception + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.BackgroundIntelligentTransfer.Management.NewBits TransferCommand we really want to utilize the bits endpoint we are attempting to transfer the files to. is there any other way we can go about this (aside from copying the files elsewhere first, unless we can copy one slice at a time and transfer that)?

Read the article
/etc/profile.d and "ssh -t"

- by petersohn

I wanted to run a script on a remote machine. The simple solution is this: ssh remote1 some-script This works until the remote script doesn't want to connect to another remote machine (remote2) which requires interactive authentication, like tis one (remote2 is only reachable through remote1 in this case): ssh remote1 "ssh remote2 some-script" The solution for the problem is to use the -t option for ssh. ssh -t remote1 "ssh remote2 some-script" This works, but I get probems in case I use this (where some-script may execute further ssh commands): ssh -t remote1 some-script I found that some environment variables are not set which are set when I don't use the -t option. These envrionment variables are set in scripts from /etc/profile.d. I guess that these scripts are not run for some reason if using the -t option, but are run if I don't use it. What's the reason of this? Is there any way to work around it? I am using SUSE linux (version 10).

Read the article
need help upgrading small business wifi network

- by Henry Jackson

Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals: wifi roaming between the access points user-based authentication that isn't as annoying as MAC address filtering. 1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade linksys routers, is it possible to do this without getting new hardware? 2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers, can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good).

Read the article
need help upgrading small business wifi network

- by Henry Jackson

Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals: wifi roaming between the access points user-based authentication that isn't as annoying as MAC address filtering. 1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade linksys routers, is it possible to do this without getting new hardware? 2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers, can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good).

Read the article
HTTP traffic through PIX VPN from outside site

- by fwrawx

I have a remote site with a website that only allows access from the outside IP assigned to our local PIX. I have users connecting to the local networking using a VPN that need to be able to view this remote site. I don't think this works because the packets want to come in and go out over the same (ext) interface. So I'm looking for a way to make this work using the PIX or setting up a service on a server on the local network to act as a middle-man for the HTTP requests. The remote site doesn't support setting up a VPN to our PIX. The remote website is dishing out pages over a non-standard port. Can I use squid or something similar to proxy just one site?

Read the article
How to add admin users in 389 LDAP, fedora directory server

- by chandank

I want to create couple of Admin users who have access to create/delete users on a particular group/Organization Unit. For example, User: uid=testadmin, ou=people, dc=my,dc=net Should have access to create new users/delete users under ou=People,dc=my,dc=net I tried with below ACI but did not work (target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*") (version 3.0;acl "testadmin Permissions";allow (proxy)(userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net");) I am able to add administrative users from the Directory Server console, but this user data is not stored in ldif files and only stored in binary database at /var/lib/dirsrv/slap-ldap/db/. Only problem is these users have full power and I am not sure how to restrict their access.

Read the article
disable RADIUS for Cisco 2500 wireless controller

- by Tim Vaughan

I have a Cisco 2500 wireless controller and four lightweight access points. I want to use the controller to manage a wireless network secured by WPA only, without using RADIUS or anything else. We'll handle the authentication using a captive portal behind the access points. However, it seems like the controller's default security policy requires a RADIUS server and I can't find out how to switch the policy off. The documentation assumes I'm in an environment which needs heavy-duty security and the use case is actually a small charity/business with much less stringent security requirements. How do I disable the complicated security policy and instead run a simple one that just uses WPA?

Read the article
How do I protect large file downloads through PHP and/or Apache?

- by Eric

We have some large files (1-8GB) that are not publicly accessible. Currently we're serving them up through a PHP script that buffers the files in 1MB chunks and writes it to the output. It's incredibly CPU intensive and slows the server down when only a few downloads are active. We want to move the file transfer work to Apache or a more efficient method. We are using cookie authentication. FTP downloads are out unless there's some way to authenticate FTP sessions through the existing PHP session cookie. Ideally we'd like something where we can use PHP to hide the link to the file while it passes off the file transfer work to Apache, which is no doubt far more efficient at HTTP file transfers than PHP. We want to be able to resume downloads as well. Any help is appreciated.

Read the article
Accessing Windows 7 Printer from Ubuntu Linux via LPR/LPD or Samba

- by nitbuntu

Hi, I'm having difficulty printing from my Linux (Ubuntu 10.04) based PC to a printer connected to a Windows 7 machine. I was trying to connect using Samba (version 3.5.6) but this always brings up an authentication screen which never accepts any password I use. So I read somewhere that an alternative is to access the Windows printer via LPR/LPD. I added an LPR/LPD printer in Windows 7, but even within Windows 7, I am not able to print as the print que monitor shows as 'printer busy'. The printer in question is an Epson Stylus DX7400 and works fine when using the standard USB ports....but doesn't when I use with the LPR/LPD ports. I even opened up the TCP/IP port 515 in my McAfee firewall without any success. Any help with this would be highly appreciated. Additionally, does anyone have any idea how I can get Samba working for me?

Read the article
AirPlay over unicast DNS-SD. Anyone got it working?

- by Moduspwnens

We set up AirPrint using unicast DNS-SD on our campus about a year ago and it turned out to be a big success, so we're looking at trying to get AirPlay working so our faculty and students can wirelessly show content on our classroom projectors. There are still a couple of other things preventing an ideal implementation (username and password authentication, for starters), but I've been trying to set up a working demo nonetheless. Getting AirPrint working was basically just a matter of advertising the same records over a DNS-SD domain instead of the multicast (.local) one, but doing the same thing for AirPlay doesn't seem to cut it. The devices don't recognize the DNS-SD AirPlay servers as available. I've uploaded a screenshot of my DNS-SD configuration with the original (from AirServer, which works normally for multicast) here. I realize this is still a fairly new feature and documentation is lacking, but has anyone been able to get AirPlay working via DNS-SD? If it simply only works over multicast, I can accept that, but its potential is so appealing for us that I thought it'd be worth asking if anyone else has figured it out.

Read the article
How to get password prompt from scp when launched remotely via ssh

- by Zek

When I ssh to a remote system and execute scp, I do not get a password prompt: # ssh 192.168.1.32 "scp joe\@192.168.1.31:/etc/hosts /tmp" Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password,keyboard-interactive). If I break it up like this, it works fine: # ssh 192.168.1.32 # scp joe\@192.168.1.31:/etc/hosts /tmp [email protected]'s password: How can I make it prompt me for the password in the first example above? Note: No, I cannot use key-based authentication for this.

Read the article
Connecting to Google SMTP with Konica Minolta Printers

- by VictorKilo

I have spent the better portion of two days trying to get a number of Bizhub MFCs to connect to Google's SMTP service. Our company recently switched from an exchange server, which handled SMTP requests to Gmail. We have 20 branches each with different MFCs. I was able to get the Cannons connected, but the Konicas are giving me major problems. The three models that are giving me issues are the C203, C250 and the C280. I have used the following: smtp.gmail.com port 465 Gmail Username/Pass aspmx.l.google.com port 25 no authentication aspmx.l.google.com port 25 Gmail Username/Pass None of these methods are working despite the fact that all of those have worked on different makes/models. Any help would be greatly appreciated, I'm at my whit's end.

Read the article
MSDTC on server x is unavailable

- by Fishcake

I have Windows Server 2003 running in a virtual machine, running some software that is trying to update a database within transactions on my Windows 7 machine (the host for the VM). On my host I have edited the settings for Local DTC by selecting the following Client and Administration Allow Remote clients Allow Remote administration Transaction manager communication Allow inbound Allow outbound No authentication required However when I try to run the software I receive this error: MSDTC on server 'x' is unavailable. Whilst searching for fixes most just suggest making sure the service is running which I have. Cheers!

Read the article
Solaris syslog.conf. What are root and operator?

- by cjavapro

In /etc/syslog.conf #ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */ # # Copyright (c) 1991-1998 by Sun Microsystems, Inc. # All rights reserved. # # syslog configuration file. # # This file is processed by m4 so be careful to quote (`') names # that match m4 reserved words. Also, within ifdef's, arguments # containing commas must be quoted. # *.err;kern.notice;auth.notice /dev/sysmsg *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator *.alert root *.emerg * # if a non-loghost machine chooses to have authentication messages # sent to the loghost machine, un-comment out the following line: #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost) # # non-loghost machines will use the following lines to cause "user" # log messages to be logged locally. # ifdef(`LOGHOST', , user.err /dev/sysmsg user.err /var/adm/messages user.alert `root, operator' user.emerg * ) I googled some and it seems that root and operator mean email to root and to operator. Is this correct?

Read the article
putty pageant - forget keys after period of inactivity

- by pQd

in the environment where windows client computers are used to run putty to connect to multiple linux servers i'm considering moving away from password based authentication and using public/private key pairs with pass-phrases. using ssh-agent would be nice, but at the same time i'd like it to 'forget' the pass-phrases after given period of inactivity. it seems that putty's pageant does not provide such feature; what would you suggest as alternative? solutions that i'm considering: patching pageant code [might be tricky, code is probably quite rusty and project - sadly - stagnant] writing small custom application using GetLastInputInfo and killing pageant if the machine was idle for more than let's say 15 minutes [ yes, there'll be separate policy for locking the desktops as well ] using alternative ssh client and ssh agent. any suggestions? thanks!

Read the article
Meraki's Accounting-Requests to RADIUS server

- by PachinSV

I'm running a RADIUS server with some Meraki APs, the process of Authentications is fine... But it seems that the Meraki Cloud Controller is just sending the authentication packets and not the accounting requests. I've tested the RADIUS sending accounting requests with the radclient tool (locally) and it worked. I think that maybe my RADIUS server is ignoring the accounting requests from the MCC because there are some Vendor Specific Attributes that my RADIUS doesn't know. should I add a Meraki's dictionary to my RADIUS configurations? I'm kind of desperate, any idea?

Read the article

< Previous Page | 266 267 268 269 270 271 272 273 274 275 276 277 | Next Page >