Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 318/388 | < Previous Page | 314 315 316 317 318 319 320 321 322 323 324 325  | Next Page >

  • Ipsec reload fails to load ipsec.conf Strongswan 5.0

    - by Quentin Swain
    I am having trouble configuring a connection to an Android device using a fedora 17 linux machine and strongSwanv5.0.1dr2. I have made some progress but when I try adding the configuration to support xauth authentication I receive an error when I try to reload the configuration file. I get a similar error for the value ikev1 for the keyexchange setting , and whenever i try to set a value for rightauth. Has anyone else had this problem The man page for ipsec.conf and the documentation on the strongswan wiki both indicated that these settings and values should be fine in 5.0.x.x. I could try setting authby but that is deprecated according to the documentation i read and the xauthpsk value isn't working. Any help is much appreciated thanks. can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25: syntax error, unexpected STRING [leftauth] # /etc/ipsec.conf - Openswan IPsec configuration file # # Manual: ipsec.conf.5 # # Please place your own config files in /etc/ipsec.d/ ending in .conf version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey protostack=netkey # Enable this if you see "failed to find any available worker" # nhelpers=0 plutodebug=all conn %default ikelifetime=240m #keylifetime=20m keyingtries=3 ikev2=no conn android left=10.1.12.212 right=10.1.12.140 leftxauthserver=yes leftauth=psk rightauth=xauth keyexchange=ikev1 type=tunnel pfs=no rekey=no auto=start ike=aes256-md5;modp1024 phase2=esp ikev2=no #You may put your configuration (.conf) file in the "/etc/ipsec.d/" #include /etc/ipsec.d/*.conf

    Read the article

  • Connectivity with SQL Server Express 2008 r2 and SQL Server 2000 on same machine

    - by Jim R
    At first glance this may same a duplicate of Installing both SQL Server 2000 and SQL Server 2008 on the same machine, but it is not. I have SQL Server 2000 and SQL Server 2008 R2 installed on the same machine and working fine. My problem lies with connecting to the 2008 R2 server from a remote machine. My connectivity needs to be TCP. The legacy installation or SQL 2000 uses the default port of 1433. The named instance is by default configured to use 'Shared Memory' and is working fine. When I configured the 2008 R2 server to use 1433 (I did not think that thru) the service refused to start becasue 1433 was already in use by the legacy SQL 2000 default instance. Doh! What I want to do is have both servers available simultaneously via TCP. both servers need not be on the same port, put if I cannot run them on the same port, then how do I configure the clients? Is there not some kind of proxy available that can monitor the 1433 port and pass the request thru to the correct SQL instance by name? Is this capability built into SQL server already? Thanks, Jim

    Read the article

  • Glusterfs denied mount

    - by greg
    I'm using GlusterFS 3.3.2. Two servers, a brick on each one. The Volume is "ARCHIVE80" I can mount the volume on Server2; if I touch a new file, it appears inside the brick on Server1. However, if I try to mount the volume on Server1, I have an error: Mount failed. Please check the log file for more details. The log gives: [2013-11-11 03:33:59.796431] I [rpc-clnt.c:1654:rpc_clnt_reconfig] 0-ARCHIVE80-client-0: changing port to 24011 (from 0) [2013-11-11 03:33:59.796810] I [rpc-clnt.c:1654:rpc_clnt_reconfig] 0-ARCHIVE80-client-1: changing port to 24009 (from 0) [2013-11-11 03:34:03.794182] I [client-handshake.c:1614:select_server_supported_programs] 0-ARCHIVE80-client-0: Using Program GlusterFS 3.3.2, Num (1298437), Version (330) [2013-11-11 03:34:03.794387] W [client-handshake.c:1320:client_setvolume_cbk] 0-ARCHIVE80-client-0: failed to set the volume (Permission denied) [2013-11-11 03:34:03.794407] W [client-handshake.c:1346:client_setvolume_cbk] 0-ARCHIVE80-client-0: failed to get 'process-uuid' from reply dict [2013-11-11 03:34:03.794418] E [client-handshake.c:1352:client_setvolume_cbk] 0-ARCHIVE80-client-0: SETVOLUME on remote-host failed: Authentication failed [2013-11-11 03:34:03.794426] I [client-handshake.c:1437:client_setvolume_cbk] 0-ARCHIVE80-client-0: sending AUTH_FAILED event [2013-11-11 03:34:03.794443] E [fuse-bridge.c:4256:notify] 0-fuse: Server authenication failed. Shutting down. How comes I can mount on one server and not on the other one???

    Read the article

  • Mac OS X 10.6 Setup for Apache/MySQL/Perl

    - by Russell C.
    I just got a new Mac and have been trying to setup a local development environment for my perl applications for a few days now with no luck. I'm getting no where fast so I hope someone else who has done this successfully could help. I started by installing MAMP which I thought would take care of everything for me but unfortunately it doesn't take care of some important perl modules. I used CPAN to install all our required modules except that it seems DBD::mysql doesn't install correctly through CPAN. After reading a lot online, lots of people reported problems with this and recommended using MacPorts to install the module which I have tried doing with no luck using the following command: sudo port install p5-dbd-mysql After what seems like a successful install of DBD::mysql, Apache continues to report the following error when trying to run any of our Perl scripts: [Fri Apr 30 18:51:07 2010] [error] [client 127.0.0.1] install_driver(mysql) failed: Can't locate DBD/mysql.pm in @INC (@INC contains: /Library/Perl/Updates/5.10.0/darwin-thread-multi-2level /Library/Perl/Updates/5.10.0 /System/Library/Perl/5.10.0/darwin-thread-multi-2level /System/Library/Perl/5.10.0 /Library/Perl/5.10.0/darwin-thread-multi-2level /Library/Perl/5.10.0 /Network/Library/Perl/5.10.0/darwin-thread-multi-2level /Network/Library/Perl/5.10.0 /Network/Library/Perl /System/Library/Perl/Extras/5.10.0/darwin-thread-multi-2level /System/Library/Perl/Extras/5.10.0 .) at (eval 1835) line 3. [Fri Apr 30 18:51:07 2010] [error] [client 127.0.0.1] Perhaps the DBD::mysql perl module hasn't been fully installed, [Fri Apr 30 18:51:07 2010] [error] [client 127.0.0.1] or perhaps the capitalisation of 'mysql' isn't right. [Fri Apr 30 18:51:07 2010] [error] [client 127.0.0.1] Available drivers: DBM, ExampleP, File, Gofer, Proxy, SQLite, Sponge. I'm not sure where to go from here but my Mac isn't much of a development environment if Perl isn't able to talk to the database. I'd really appreciate any help and advice you might be able to provide in getting my system setup successfully. Thanks in advance!

    Read the article

  • Account Lockout with pam_tally2 in RHEL6

    - by Aaron Copley
    I am using pam_tally2 to lockout accounts after 3 failed logins per policy, however, the connecting user does not receive the error indicating pam_tally2's action. (Via SSH.) I expect to see on the 4th attempt: Account locked due to 3 failed logins No combination of required or requisite or the order in the file seems to help. This is under Red Hat 6, and I am using /etc/pam.d/password-auth. The lockout does work as expected but the user does not receive the error described above. This causes a lot of confusion and frustration as they have no way of knowing why authentication fails when they are sure they are using the correct password. Implementation follows NSA's Guide to the Secure Conguration of Red Hat Enterprise Linux 5. (pg.45) It's my understanding that that only thing changed in PAM is that /etc/pam.d/sshd now includes /etc/pam.d/password-auth instead of system-auth. If locking out accounts after a number of incorrect login attempts is required by your security policy, implement use of pam_tally2.so. To enforce password lockout, add the following to /etc/pam.d/system-auth. First, add to the top of the auth lines: auth required pam_tally2.so deny=5 onerr=fail unlock_time=900 Second, add to the top of the account lines: account required pam_tally2.so EDIT: I get the error message by resetting pam_tally2 during one of the login attempts. user@localhost's password: (bad password) Permission denied, please try again. user@localhost's password: (bad password) Permission denied, please try again. (reset pam_tally2 from another shell) user@localhost's password: (good password) Account locked due to ... Account locked due to ... Last login: ... [user@localhost ~]$

    Read the article

  • Windows 2003 Domain Controller Very Upset about NIC Teaming

    - by Kyle Brandt
    I set up BACS (Broadcom Teaming) to team two NIC on a Windows 2003 Active Directory Domain Controller. Networking still works okay, I can ping the gateway etc, but both DNS and Active Directory fail to start with various 40xx errors. The team that I created is Smart load Balancing with Failover, with one backup and only one in smart load balancing (So really it is just failover). I have the team the same IP address that the single active NIC had before. Anyone seen this before, or have any ideas what the problem might be? Event Type: Error Event Source: DNS Event Category: None Event ID: 4015 Date: 3/7/2010 Time: 10:33:03 AM User: N/A Computer: ADC Description: The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error. Event Type: Error Event Source: DNS Event Category: None Event ID: 4004 Date: 3/7/2010 Time: 10:33:03 AM User: N/A Computer: ADC Description: The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error. Event Type: Error Event Source: NTDS Replication Event Category: DS RPC Client Event ID: 2087 Date: 3/7/2010 Time: 10:40:28 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: ADC Description: Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.

    Read the article

  • "No more threads can be created in the system" in Network and Sharing Center

    - by Zell Faze
    A while back I noticed on one of our laboratory computers (Windows 7, very little extra software installed) that the network connection icon in the system tray would claim that it had no network connection, even though it did. This issue would go away after the computer was rebooted, but would surface again the next time I looked at the computer (a few days later). Upon opening the Network and Sharing Center I am shown an actual error message, but not one that seems to give me a lot of information about what the problem is. In the place of the usual information about network adapters and whether you are connected to the Internet it simply says: "No more threads can be created in the system." The Event Viewer shows hundreds of events from different services also with the same message. "Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x800700a4, No more threads can be created in the system."; "The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: A thread could not be created for the service."; "The IP Helper service terminated with the following error: No more threads can be created in the system." As far as I can tell, this message seems to mean that there is some sort of resource leak in Windows where something is creating a large number of threads and those threads are not being killed off? I've tried restarting WMI and several services related to networking, without avail. Can anyone provide more information on what "No more threads can be created in the system" might mean and what I might be able to do to fix the issue? Currently the only solution appears to be restarting.

    Read the article

  • Zscaler. Certs, cookies, and port 80 traffic

    - by 54's_lol
    So I work at HQ for a large company that shall remain nameless. We use Zscaler and I had to roll out a 2048 cert per zscaler's request. People around me at work dont understand the technology and think that the cert's are what is allowing internet connectivity. From my understanding(and please chime in) is the cookie located C:\Users\$$$$$$4$$\AppData\Roaming\Macromedia\Flash Player#SharedObjects\Q3JQJQJV\gateway.zscaler.net\zscaler.swf here that gets created when you provide your creds the first time you use the browser. The cert's are just simply a way of inspecting the SSL traffic as zscaler had no way of doing this before without them. They are essentially using the classic MITM attack to parse your SSL traffic. Gmail is smart enough to recognize this as you get a warning. My question is this, is there a product or service that I can use to verify my web browser when at home(I.E. off company network) isn't still getting routed to zscaler's cloud? If i do a tracert that will work fine. It's the port 80 and 443 web traffic zscaler and my company is after. I would like to verify that when I'm off their premise that my web traffic is using only my isp and the path to whatever content I'm searching for. Do the cert's i'm pushing and browser authentication do something behind the curtain that forces web traffic to get routed to zscaler? I searched quite a bit and would very much like to know if I'm ever off company scrutiny. I do know zscaler offers the service to force the scenario im asking about. Can I prove how my web traffic is getting routed? Thanks for any insight. I've been a fan for a long time and your guy's kung fu is very strong:-)

    Read the article

  • Getting SMB file shares working over a PPTP VPN

    - by Ben Scott
    I'm having issues getting SMB file shares working over a PPTP VPN. The server setup consists of a security device (DrayTek V3300) which passes the PPTP authentication to a SBS2003 server running RRAS. The server is the DC and provides DNS and WINS, the single NIC's name server is set to the NIC's IP (192.168...), and DHCP on the DrayTek sets the server IP as the DNS. If I create a new VPN connection in Win7, leaving everything as default apart from the server, username, password and domain, I can: ping everything by IP address resolve IPs with nslookup using their fully-qualified name, as in nslookup fileserver.mydomain.local ping machines by fully-qualified name, as in ping fileserver.mydomain.local However if I try to access a file share: within Explorer, I get "Windows cannot access ..." with "Error code: 0x80004005 Unspecified Error", using net use z: \\fileserver.mydomain.local\share, I get "System error 53 has occurred. The network path was not found." If I add the machine name to my HOSTS file I can use the file share, which is my last-ditch workaround, but I have a number of VPN users and would rather a solution that doesn't involve me trying to hand-edit system files on computers half a country away. If I set the WINS server explicitly in the connection's IPv4 settings I don't have to use the FQN to ping the machine, but that doesn't change anything else. EDIT: The PC I'm having the issue on is running Win 7 Home Premium. After more testing I actually have two other PCs that work, one W7HP, one XP Home, and another Vista PC that doesn't work (not tested as much as the others), all four on the same internet connection (behind the same router). All of them were tested with a straight-forward, all defaults, new VPN configuration.

    Read the article

  • WebDav rename fails on an Apache mod_dav install behind NginX

    - by The Daemons Advocate
    I'm trying to solve a problem with renaming files over WebDav. Our stack consists of a single machine, serving content through Nginx, Varnish and Apache. When you try to rename a file, the operation fails with the stack that we're currently using. To connect to WebDav, a client program must: Connect over https://host:443 to NginX NginX unwraps and forwards the request to a Varnish server on http://localhost:81 Varnish forwards the request to Apache on http://localhost:82, which offers a session via mod_dav Here's an example of a failed rename: $ cadaver https://webdav.domain/ Authentication required for Webdav on server `webdav.domain': Username: user Password: dav:/> cd sandbox dav:/sandbox/> mkdir test Creating `test': succeeded. dav:/sandbox/> ls Listing collection `/sandbox/': succeeded. Coll: test 0 Mar 12 16:00 dav:/sandbox/> move test newtest Moving `/sandbox/test' to `/sandbox/newtest': redirect to http://webdav.domain/sandbox/test/ dav:/sandbox/> ls Listing collection `/sandbox/': succeeded. Coll: test 0 Mar 12 16:00 For more feedback, the WebDrive windows client logged an error 502 (Bad Gateway) and 303 (?) on the rename operation. The extended logs gave this information: Destination URI refers to different scheme or port (https://hostname:443) (want: http://hostname:82). Some other Restrictions: Investigations into NginX's Webdav modules show that it doesn't really fit our needs, and forwarding webdav traffic to Apache isn't an option because we don't want to enable Apache SSL. Are there any ways to trick mod_dav to forward to another host? I'm open to ideas :).

    Read the article

  • I am getting a SQUID Error

    - by Dave
    Hello, What exactly is wrong here Entry in SQUID File--- httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on acl lan src 192.168.1.1 192.168.2.0/24 http_access allow localhost Error after: service squid restart 2010/02/01 14:24:29| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2010/02/01 14:24:29| cache_cf.cc(361) parseOneConfigFile: squid.conf:10 unrecognized: 'broken_vary_encoding' 2010/02/01 14:24:29| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2010/02/01 14:24:29| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2010/02/01 14:24:29| WARNING: For now we assume you meant to write /0 2010/02/01 14:24:29| WARNING: (B) '::/4294967200' is a subnetwork of (A) '::' 2010/02/01 14:24:29| WARNING: because of this '::' is ignored to keep splay tree searching predictable 2010/02/01 14:24:29| WARNING: You should probably remove '::/4294967200' from the ACL named 'all' 2010/02/01 14:24:29| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2010/02/01 14:24:29| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2010/02/01 14:24:29| WARNING: For now we assume you meant to write /128 2010/02/01 14:24:29| aclParseIpData: unknown netmask '255.255.255.255' in '127.0.0.1/255.255.255.255' FATAL: Bungled squid.conf line 25: acl localhost src 127.0.0.1/255.255.255.255 Squid Cache (Version 3.1.0.14): Terminated abnormally. CPU Usage: 0.013 seconds = 0.006 user + 0.007 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Also please provide me with the simplest squid script for the proxy to run. Restrictions can be entered. Thanks Dave

    Read the article

  • ssh tunnel - bind: Cannot assign requested address

    - by JosephK
    Trying to create a socks (-D) ssh tunnel - Linux box to Linux box (both centos): sshd running on remote side ok. From local machine we do / see this: ssh -D 1080 [email protected]. [email protected]'s password: bind: Cannot assign requested address (where 8.8.8.8 is really my server's IP and 'user' is my real username) I am logged into the remote side in this terminal-window. I can verify that the local port was unused prior to this command, and then used by an ssh process, after the command, via: netstat -lnp | grep 1080 So, unlike most googled-responses with this error, the problem would not seem to be the loopback interface assignment. If I try to use this tunnel with a mail client, the local-side permits the attempt (no 'proxy-failed' error), but no data / reply is returned. On the remote side, I do have "PermitTunnel yes" in my sshd_config (though 'yes' should be the default, anyway). Ideas or Clues? Here is the relevant debug-output OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * .... debug1: Authentication succeeded (password). debug1: Local connections to LOCALHOST:1080 forwarded to remote address socks:0 debug1: Local forwarding listening on 127.0.0.1 port 1080. debug1: channel 0: new [port listener] debug1: Local forwarding listening on ::1 port 1080. bind: Cannot assign requested address debug1: channel 1: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.utf8 Other clue: If I run a Virtual Box on the client running Windows, open a tunnel with putty in that box, that tunnel, to the same remote server, works.

    Read the article

  • Gitlab and Nginx not loading gitlab

    - by paperids
    I have just installed gitlab and nginx on Ubuntu LTS 12.04 using this guide: http://blog.compunet.co.za/gitlab-installation-on-ubuntu-server-12-04/ I installed this on another server last night and had absolutely no problems with it (sort of a test run to see how long it would take to get going). I am not getting any errors when restarting gitlab or nginx with /etc/init.d and my error logs are empty. The only thing I know of to go on is the vhost config: upstream gitlab { server unix:/home/gitlab/gitlab/tmp/sockets/gitlab.sock$ } server { listen localhost:80; server_name gitlab.bluringdev.com; root /home/gitlab/gitlab/public; # individual nginx logs for this gitlab vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; location / { # serve static files from defined root folder;. # @gitlab is a named location for the upstream fallback$ try_files $uri $uri/index.html $uri.html @gitlab; } # if a file, which is not found in the root folder is r$ # then the proxy pass the request to the upsteam (gitla$ location @gitlab { proxy_redirect off; # you need to change this to "https", if you set "ssl" $ proxy_set_header X-FORWARDED_PROTO http; proxy_set_header Host gitlab.bluringdev.com:80; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://gitlab; } } If there's any other information that would be helpful, just let me know and I'll get it up asap.

    Read the article

  • DKIM- Filter No Signature Data

    - by Vineet Sharma
    I have installed DKIM-Filter on Postfix after reading this tutorial http://www.unibia.com/unibianet/systems-networking/how-setup-domainkeys-identified-mail-dkim-postfix-and-ubuntu-server My email now has a DKIM signature but still it is landing in the SPAM folder. Here is the header Received-SPF: neutral (google.com: 69.164.193.167 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=69.164.193.167; Authentication-Results: mx.google.com; spf=neutral (google.com: 69.164.193.167 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]; dkim=hardfail (test mode) [email protected] Received: from promote.a2labs.in (localhost [127.0.0.1]) by promote.a2labs.in (Postfix) with ESMTPA id 34858530E8 for <[email protected]>; Mon, 28 Feb 2011 12:23:07 +0530 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=a2labs.in; s=mail; t=1298875987; bh=bo+H1VYPIHMja2u7i1lnzr4k/j4Pe8iSf79bVw94XpI=; h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version: Content-Type:Content-Transfer-Encoding; b=nhTdlnUwo0iUJ92ycQzKSRjw 5Pfya0DJcJrAc8Mr2hIv8OLpgzBCzdOMWTGqR5nuUmAzgCGYBhYAM2XZwVxo9JG/iz7 oYKysmNQnskFx0TRyW3UOkDWcfHcPnCL6Y7fGzZWinmsyjsg47k+mKZg/e8jqlwTAMO PYKkt5pBz7SM0= Also my mail.err file shows Feb 28 12:17:03 ivineet dkim-filter[32181]: 1F788530E1: no signature data Feb 28 12:18:02 ivineet dkim-filter[32181]: 432BA530E2: no signature data How to fix it

    Read the article

  • CopSSH SFTP -- limit users access to their home directory only

    - by bradvido
    Let me preface this by saying I've read and followed these instructions at the FAQ many times: http://www.itefix.no/i2/node/37 It does not do what the title claims... It allows every user access to every other user's home directory, as well as access to all subfolders below the copssh installation path. I'm only using this for SFTP access and I need my users to be sandboxed into only their home directory. If you know a fool-proof way to lock users down so they can see only their home directory and its subfolders, stop reading now and reply with the solution. The details: Here is exactly what i tried as I followed the FAQ. My copSSH installation directory is: C:\Program Files\CopSSH net localgroup sftp_users /ADD **Create a user group to hold all my SFTP users cacls c:\ /c /e /t /d sftp_users **For that group, deny access at the top level and all levels below cacls "C:\Program Files\CopSSH" /c /e /t /r sftp_users **Allow my user group access to the copSSH installation directory and its subdirectories For each sftp user, I create a new windows user account, then I: net localgroup sftp_users sftp_user_1 /add **Add my user to the group I've created Open the activate user wizard for CopSSH, choosing the user, "/bin/sftponly" and Remove copssh home directory if it exists **Remains checked Create keys for public key authentication **Remains checked Create link to user's real home directory **Remains checked This works, however, every user has access to every other user's home directory as well as the CopSSH root directory.... So I tried denying access for all users to the user home directory: cacls "C:\Program Files\CopSSH\home" /c /e /t /d sftp_users **Deny access for users to the user home directory Then I tried adding permissions on a user-by-user basis for each users home\username folder. However,these permission were not allowed by windows because of the above deny rule i created at the home directory was being inherited and over-riding my allow rule. The next step for me would be to remove the deny rule at the home directory and for each user folder, add a deny rule for every user it doesn't belong to, and add an allow rule for the one user it does belong to. However, as my user list gets long, this will become very cumbersome. Thanks for the help!

    Read the article

  • Prosody mod auth external not working

    - by Yang
    I installed mod_auth_external for 0.8.2 on ubuntu 12.04 but it's not working. I have external_auth_command = "/home/yang/chat/testing" but it's not getting invoked. I enabled debug logging and see no messages from that mod. Any help? I'm using the Candy example client. Here's what's written to the log after I submit a login request (and nothing in err log): Oct 24 21:02:43 socket debug server.lua: accepted new client connection from 127.0.0.1:40527 to 5280 Oct 24 21:02:43 mod_bosh debug BOSH body open (sid: %s) Oct 24 21:02:43 boshb344ba85-fbf5-4a26-b5f5-5bd35d5ed372 debug BOSH session created for request from 169.254.11.255 Oct 24 21:02:43 mod_bosh info New BOSH session, assigned it sid 'b344ba85-fbf5-4a26-b5f5-5bd35d5ed372' Oct 24 21:02:43 httpserver debug Sending response to bf9120 Oct 24 21:02:43 httpserver debug Destroying request bf9120 Oct 24 21:02:43 httpserver debug Request has destroy callback Oct 24 21:02:43 socket debug server.lua: closed client handler and removed socket from list Oct 24 21:02:43 mod_bosh debug Session b344ba85-fbf5-4a26-b5f5-5bd35d5ed372 has 0 out of 1 requests open Oct 24 21:02:43 mod_bosh debug and there are 0 things in the send_buffer Oct 24 21:02:43 socket debug server.lua: accepted new client connection from 127.0.0.1:40528 to 5280 Oct 24 21:02:43 mod_bosh debug BOSH body open (sid: b344ba85-fbf5-4a26-b5f5-5bd35d5ed372) Oct 24 21:02:43 mod_bosh debug Session b344ba85-fbf5-4a26-b5f5-5bd35d5ed372 has 1 out of 1 requests open Oct 24 21:02:43 mod_bosh debug and there are 0 things in the send_buffer Oct 24 21:02:43 mod_bosh debug Have nothing to say, so leaving request unanswered for now Oct 24 21:02:43 httpserver debug Request c295d0 left open, on_destroy is function(mod_bosh.lua:81) Here's the config I added: modules_enabled = { ... "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" ... } authentication = "external" external_auth_protocol = "generic" external_auth_command = "/home/yang/chat/testing"

    Read the article

  • Adding an user to samba

    - by JustMaximumPower
    I'm trying to setup some samba shares in my home network on an Ubuntu 12.04 machine. Everything works fine for my user account (max) but I can not add any new user. Every time I try to add new user they can not use the shares. It's likely that the error is very basic to the concept of samba but please don't just tell me to read the docs. I've been trying that for about 2 weeks now. I've set up the server with my user max who can mount transfer and the share max. Than I added the user simon with sudo adduser --no-create-home --disabled-login --shell /bin/false simon because the user should not be able to ssh into the machine. I did an sudo smbpasswd -a simon and set an (samba) password for simon and added an share for simon. I also added simon to transferusers to give him access to the share transfer. But simon can't connect to transfer or simons. ---- output of testparam: ------- Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[printers]" Processing section "[print$]" Processing section "[max]" Processing section "[simons]" Processing section "[transfer]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [max] comment = Privater share von Max path = /media/Main/max read only = No create mask = 0700 [simons] comment = Privater share von Simon path = /media/Main/simon read only = No create mask = 0700 [transfer] comment = Transferlaufwerk path = /media/Main/transfer read only = No create mask = 0755 ---- The files in /media/Main: ------ drwxrwxr-x 17 max max 4096 Oct 4 19:13 max/ drwx------ 5 simon max 4096 Aug 4 15:18 simon/ drwxrwxr-x 7 max transferusers 258048 Oct 1 22:55 transfer/

    Read the article

  • Accessing network shares on Windows7 via SonicWall VPN client

    - by Jack Lloyd
    I'm running Windows7 x64 (fully patched) and the SonicWall 4.2.6.0305 client (64-bit, claims to support Windows7). I can login to the VPN and access network resources (eg SSH to a machine that lives behind the VPN). However I cannot seem to be able to access shared filesystems. Windows is refusing to do discovery on the VPN network. I suspect part of the problem is Windows persistently considers the VPN connection to be a 'public network'. Normally, you can open the network and sharing center and modify this setting, however it does not give me a choice for the VPN. So I did the expedient thing and turned on file sharing for public networks. I also disabled the Windows firewall for good measure. Still no luck. I can access the server directly by putting \\192.168.1.240 in the taskbar, which brings up the list of shares on the server. However, trying to open any of the shares simply tells me "Windows cannot access \\192.168.1.240\share You do not have permission to access ..."; it never asks for a domain password. I also tried Windows7 native VPN functionality - it couldn't successfully connect to the VPN at all. I suspect this is because SonicWall is using some obnoxious special/undocumented authentication system; I had similar problems trying to connect on Linux with the normal IPsec tools there. What magical invocation or control panel option am I missing that will let this work? Are there any reasonable debugging strategies? I'm feeling quite frustrated at Windows tendency to not give me much useful information that might let me understand what it is trying to do and what is going wrong.

    Read the article

  • Can't connect to computer via SBS2011 RWA

    - by sbrattla
    I've got an SBS 2011 Essentials server. Users a able to log on to Remote Web Access using their username and password. However, the trouble starts when a users attempts to log on remotely to his/her computer from the Remote Web Access website. When the user clicks on his/her computer (in the RWA website), the user is first presented with a window listing Publisher, Type, Remote Computer name and Gateway Server. Everything seems fine here, and the user clicks Connect. The user credentials are provided, and a connection is attempted. However, the logon attempt always fails with the message "The logon attempt failed". The logon attempt always generates three log events in the server log: EventId: 4672 - Special Logon EventId: 4624 - Logon EventId: 4634 - Logoff All events happens have the same timestamp. No events are logged on the client machine which the user attempts to log on to. Others have solved this by going to their IIS server and enable "Windows Authentication" for Rpc and RpcWithCert (in Default Web Site). However, this is in place on the server. I've also got RD CAPs and RD RAPs in place. As a side note; if i try to connect to any of the machines using the Remote Desktop Connection using the "Connect from anywhere" functionality - then things work flawlessly! In other words, the error only occurs when attempting to login to a computer via the Remote Web Access website. I've run out of ideas for how I can solve this (too many hours spent). Any ideas highly appreciated!

    Read the article

  • Cisco ASA Act as a Hardware Security Module?

    - by Derek
    Hello, We have a partner that is requiring us to get a HSM for a web application that we host for them. This is something new for us, we've always installed our SSL certificates on our web servers and never needed a hardware device. We currently have 2 Cisco ASA 5510 firewalls in an active/standby configuration. Both ASAs have a ASA-SSM-10 security module installed in them. The web application is a standard HTTPS webpage with no authentication required. I was wondering if we could use our Cisco ASAs to meet this requirement or if we'll have to buy another device. I was doing some searching and read about Cisco's clientless webvpn feature. It sounds like it might work, but I'm not sure. We basically want the ASA to handle the SSL and proxy the connection to our web servers. We do not want to prompt for a username or password to connect or show any portals, just display the web page. If the ASA cannot do this, does any one have any recommendations for network attached hardware security modules? We are using VMware vCenter, so we'd rather have an external device attached to the network, rather than buying HSM cards for every ESXi host. Thanks, Derek

    Read the article

  • apache2 VirtualHost in Mac OS X home directory

    - by aaron
    I am running Macports apache2 on Mac OS X 10.5. Whenever I configure a virtual host in the default folder, it works, however when I configure the virtual host in my home directory I get a "403 Forbidden" error. How do I configure a vhost in my home directory? Here is the configuration that yields "403 Forbidden" when I access "devel.mysite.com": /opt/local/apache2/conf/extra/httpd-vhosts.conf: DocumentRoot "/opt/local/apache2/htdocs" ServerName * #CustomLog "" common <VirtualHost *:80> #DocumentRoot "/opt/local/apache2/htdocs/mysite" DocumentRoot "/Users/myuser/Sites/mysite" ServerName devel.mysite.com </VirtualHost> The error message in /opt/local/apache2/logs/devel.mysite.com-error_log: [Sat Apr 17 19:54:49 2010] [error] [client 127.0.0.1] client denied by server configuration: /Users/myuser/Sites/mysite/ When I uncomment the line to make DocumentRoot in /opt/local/apache2/htdocs/mysite, it works: DocumentRoot "/opt/local/apache2/htdocs" ServerName * #CustomLog "" common <VirtualHost *:80> DocumentRoot "/opt/local/apache2/htdocs/mysite" #DocumentRoot "/Users/myuser/Sites" ServerName devel.mysite.com </VirtualHost> I get no errors or warnings when I start apache, and the only thing that is logged on startup is this (in /opt/local/apache/logs/error_log): [Sat Apr 17 19:56:29 2010] [notice] Digest: generating secret for digest authentication ... [Sat Apr 17 19:56:29 2010] [notice] Digest: done [Sat Apr 17 19:56:29 2010] [notice] Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8m DAV/2 configured -- resuming normal operations A few notes: * The permissions of /Home/myuser/Sites/mysite is 755, owned by myuser, group is staff * Everything else works as expected, until I move the ServerRoot of the vhost to the directory in my home

    Read the article

  • SPF hardfail and DKIM failure when recipient has e-mail forwarding

    - by Beaming Mel-Bin
    I configured hardfail SPF for my domain and DKIM message signing on my SMTP server. Since this is the only SMTP server that should be used for outgoing mail from my domain, I didn't foresee any complications. However, consider the following situation: I sent an e-mail message via my SMTP server to my colleague's university e-mail. The problem is that my colleague forwards his university e-mail to his GMail account. These are the headers of the message after it reaches his GMail mailbox: Received-SPF: fail (google.com: domain of [email protected] does not designate 192.168.128.100 as permitted sender) client-ip=192.168.128.100; Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does not designate 192.168.128.100 as permitted sender) [email protected]; dkim=hardfail (test mode) [email protected] (Headers have been sanitized to protect the domains and IP addresses of the non-Google parties) GMail checks the last SMTP server in the delivery chain against my SPF and DKIM records (rightfully so). Since the last STMP server in the delivery chain was the university's server and not my server, the check results in an SPF hardfail and DKIM failure. Fortunately, GMail did not mark the message as spam but I'm concerned that this might cause a problem in the future. Is my implementation of SPF hardfail perhaps too strict? Any other recommendations or potential issues that I should be aware of? Or maybe there is a more ideal configuration for the university's e-mail forwarding procedure? I know that the forwarding server could possibly change the envelope sender but I see that getting messy.

    Read the article

  • Static IP for dynamic IP

    - by scape279
    I have a dynamic IP address. I would like to have a static IP, but Virgin Media don't allow static IPs for residential broadband services, even if you ask them really nicely and offer to pay for it without switching to a business tariff. I am already registered with a dynamic DNS service which is updated by my router eg me.example.com will always resolve to my dynamic IP. This is fine for some circumstances, but not if you can only enter an IP address into configuration files/hardware etc like firewalls, subversion services etc etc. Is there a way I can have a static IP address 'forwarding' to my dynamic IP? Would a possible solution involve tunnelling? Setting up a private proxy? Please note the following: I am able to buy an IP address from my web host. I have access to a webserver and I am able to create custom DNS zones. I'm happy to have a webserver running at home if necessary also. I do not wish to change broadband providers. I have zero control over the services that require the IP address entering so I cannot tackle the problem that way round (services I need to access are at work). PS I've tried googling this issue, but it is very difficult to search for as most results are related to dynamic dns (which I already have set up and isnt quite what I'm after)

    Read the article

  • TeamCity EC2 Integration via ISA Server

    - by Tim Long
    I have a TeamCity server which is actually installed on SBS 2003 Premium with ISA Server (firewall/proxy) installed. My ADSL connection has multiple IP addresses, which all resolve directly to my SBS external NIC. The NIC is therefore multi-homed and I have allocated one of the IP addresses specifically to TeamCity. In ISA, I've created an access rule to allow the traffic in. I can access my TeamCity server externally and view the web interface, that all works fine. I want to use the Amazon EC2 integration in TeamCity to launch build agents 'in the cloud'. The problem I am having is that when the agent starts, it sees the server and registers, then just sits there waiting. On the server side, the agent appears as 'disconnected'. Examining the settings, the agent's IP address appears to be that of the external NIC. What I think might be happening is that the traffic is undergoing Network Address Translation (NAT) so that TeamCity always thinks the agent is locally installed and therefore can't communicate with the actual remote agent. This seems to happen even though I have a permanent static IP address dedicated to TeamCity. So, the question is this. How can I make traffic to a specific IP address pass through the ISA server un-NATted?

    Read the article

  • How to repair multiple KDC an Netlogon errors

    - by Keith Sirmons
    Howdy, I have several erros in the system event log of my single Windows 2003 SP2 domain controller. Multiple member computers on the domain are listed in these errors. I am seeing two similar errors for each computer one second apart in the event log. Event ID 7 Source KDC The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was [email protected] and lookup type 0x8. followed by Event ID 7 Source KDC The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was MEMBERNAME$ and lookup type 0x8. The Lookup Types are also different, I have 0x8, 0x28, 0x0, 0x20. I am also receiving other authentication errors in the same time frame as all of the KDC errors Event ID 5722 Source NETLOGON The session setup from the computer MEMBERNAME failed to authenticate. The name(s) of the account(s) referenced in the security database is MEMBERNAME$. The following error occurred: Access is denied. I have run dcdiag /v to see if there was something wrong with Active Directory, but all tests passed. I also ran netdiag /v and it appers all of those tests ran. Any ideas on where to start for this issue? Thank you, Keith

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 314 315 316 317 318 319 320 321 322 323 324 325  | Next Page >