Search Results

Search found 93946 results on 3758 pages for 'sub user'.

Page 139/3758 | < Previous Page | 135 136 137 138 139 140 141 142 143 144 145 146 | Next Page >

Configure Postfix to use external MX servers for delivery of local mail if user is unknown

- by mr.b

I have a following setup: linux box with postfix configured to be responsible for example.com domain domain's MX servers are configured so that mail sent to example.com is sent to google mail servers several user accounts on linux machine exist (same machine also hosts example.com site) When someone from the outside attempts to send mail to address ending with @example.com, it gets routed to google mail (and there handled appropriately). When linux machine tries to send mail to outside world, mail is delivered correctly, as reverse dns and spf records are configured correctly, so linux machine is valid mail sender for example.com domain (along with google mail servers). However, here's the problem. When php application (hosted at linux box) tries to send mail to [email protected] (and someuser doesn't exist on linux box), it fails, since it doesn't even consult google mail servers, but postfix smtp locally concludes that "someuser" is unknown. So, the question is: how do I tell postfix to relay mails sent to @example.com domain to google mail servers (so, to servers specified in MX records), IF and only if a mailbox is not found locally.

Read the article
Folder permissions, red x on user object

- by Matt Bear

This question was asked before but was no answer. On shared folders on the file server, for the domain user name object under the security tab, the icon has a red x. There are no symptoms, the users have full access, there is just a red x on the icon for their name. Why is this? For clarification, logged into the windows 2008 r2 file server, browse to a users shared folder, right click on the folder, hit properties, click the security tab. The object representing the users domain name has a little red x on the lower right hand corner of the icon that looks like a single man. There are no symptoms beyond me wondering why the red x is there.

Read the article
How to create a restricted SSH user for port forwarding?

- by Lekensteyn

ændrük suggested a reverse connection for getting an easy SSH connection with someone else (for remote help). For that to work, an additional user is needed to accept the connection. This user needs to be able to forward his port through the server (the server acts as proxy). How do I create a restricted user that can do nothing more than the above described? The new user must not be able to: execute shell commands access files or upload files to the server use the server as proxy (e.g. webproxy) access local services which were otherwise not publicly accessible due to a firewall kill the server Summarized, how do I create a restricted SSH user which is only able to connect to the SSH server without privileges, so I can connect through that connection with his computer?

Read the article
Win2008 - restrict VPN user permissions

- by Sebas

Windows 2008 R2 SP1 Foundations file server with no AD, only workgroup sharing some folders, and now a RRAS server. Shared folders are open to everyone in the office (XPs and Sevens) without accounts/passwords, but I was thinking about partially limiting access to the new "VPNuser" account. I'm new to Windows Server and its permissions settings: I thought about denying access to vpnuser through NTFS rights in some folders. It doesn't work, but now I'm guessing that the vpnuser is not considered as a logged user (doesn't appear as such) and is considered a "guest", like the rest of people connecting in the office. I say that because of this: http://social.technet.microsoft.com/Forums/windowsserver/en-US/ff6d3726-ff41-4d3f-9d97-5361af0206dd/vpn-users-on-server-shows-as-guest?forum=winserverNIS Also, because when I create a txt file using the VPN connection, owner field shows in description as "guest". Am I right? How can I set different rights for the VPNuser from the rest of "guest" users in the office?

Read the article
Proftpd user-auth with mod_sql/mod_sql_passwd

- by Zae

I'm reading up how to interface ProFTPd with MySQL for an implementation I'm working on, I noticed it seems like all the example code or instructions I see have the user login field in MySQL set as "varchar(30)". I don't see anything saying there's a limit to the field length for ProFTPd, but I wanted to check around anyway. The project this setup is going to get mixed into was planning to have their universal usernames support "varchar(255)". Can I use that safely? or is there an FTP limitation elsewhere I'm missing? Running ProFTPd 1.3.4a(custom compiled), MySQL 5.1.54(ubuntu repos)

Read the article
How to whitelist a user agent for nginx?

- by djb

I'm trying to figure out how to whitelist a user agent from my nginx conf. All other agents should be shown a password prompt. In my naivity, I tried to put the following in before deny all: if ($http_user_agent ~* SpecialAgent ) { allow; } but I'm told "allow" directive is not allowed here (!). How can I make it work? A chunk of my config file: server { server_name site.com; root /var/www/site; auth_basic "Restricted"; auth_basic_user_file /usr/local/nginx/conf/htpasswd; allow 123.456.789.123; deny all; satisfy any; #other stuff... } Thanks for any help.

Read the article
In Windows XP, is it possible to disable user credential caching for particular users

- by kdt

I understand that when windows caches user credentials, these can sometimes be used by malicious parties to access other machines once a machine containing cached credentials is compromised, a method known as "pass the hash"[1]. For this reason I would like to get control over what's cached to reduce the risk of cached credentials being used maliciously. It is possible to prevent all caching by zeroing HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount, but this is too indiscriminate: laptops users need to be able to login when away from the network. What I would like to do is prevent the caching of credentials of certain users, such as administrators -- is there any way to do that in Windows XP? http://www.lbl.gov/cyber/systems/pass-the-hash.html

Read the article
VNC unattended Server (No user Interaction)

- by Louis van Tonder

I worked on a proof on concept a while ago.... whereby I managed to get VNC going in full "unattended" mode... I.e. The VNC Server dials into the viewer... which is running in Listening mode. The same concept of how single click works, but without the user interaction. I cant seem to locate my source files for this concept I worked on... although I have found my shortcut that worked on the Viewer side to listen. "C:\Program Files\UltraVNC\vncviewer.exe" -listen 5007 /noauto /256colors I can not however remember/locate my demo of what the server is doing.... how to configure it. If I remember correctly, the server was also started with command line params that "dialed" into a remote IP/port, that the viewer is listening on. Any ideas? Thanks

Read the article
Restrict access to SSH for one specific user

- by j0nes

I am looking for a way to secure my servers with the following setup: I have a server where I can log in via SSH. The main account there (named "foo") is secured by a keybased login with password. I have another user account (named "bar") that I use to log in via cronjobs running on other servers - this one also has keybased login, but without password. Now I want to limit access to this machine for the "bar" account. The account should only be accessible via known IPs. However, the "foo" account should not be affected by this, this one should basically be accessible from any IP. How can I manage this? Or is there a simpler solution to everything?

Read the article
Windows user cannot connect via application, but can via Remote Desktop

- by C. Ross

I have an application (ASG-Zena) giving an 1385 error (Logon failure: the user has not been granted the requested logon type at this computer) when trying to run a batch job. I have checked on "Access this computer from the network" includes Everyone and Administrators and many others. "Deny access to this computer from the network" make sure that Guest is not listed there. If you still have problems, then maybe make sure that nothing is listed there. Administrative tools...local security policy..security options "Network access sharing and security model for local accounts" there are 2 options either classic or 'guest only'. Mine is set to classic. (These diagnostics come from this post) The account in question is added to the Administrator group on this computer. I know the login is valid because I regularly login to the server via remote Desktop. What other settings should I check?

Read the article
Spam mail through SMTP and user spoofing

- by Josten Moore

I have noticed that it's possible to telnet into a mailserver that I own and send spoofed messages to other clients. This only works for the domain that the mail server is regarding; I cannot do it for other domains. For example; lets say that I own example.com. If I telnet example.com 25 I can successfully send a message to another user without authentication: HELO local MAIL FROM: [email protected] RCPT TO: [email protected] DATA SUBJECT: Whatever this is spam Spam spam spam . I consider this a big problem; how do I secure this?

Read the article
How to handle multi-processing of libraries which already spawn sub-processes?

- by exhuma

I am having some trouble coming up with a good solution to limit sub-processes in a script which uses a multi-processed library and the script itself is also multi-processed. Both, the library and script are modifiable by us. I believe the question is more about design than actual code, but for what it's worth, it's written in Python. The goal of the library is to hide implementation details of various internet routers. For that reason, the library has a "Proxy" factory method which takes the IP of a router as parameter. The factory then probes the device using a set of possible proxies. Usually, there is one proxy which immediately knows that is is able to send commands to this device. All others usually take some time to return (given a timeout). One thought was already to simply query the device for an identifier, and then select the proper proxy using that, but in order to do so, you would already need to know how to query the device. Abstracting this knowledge is one of the main purposes of the library, so that becomes a little bit of a "circular-requirement"/deadlock: To connect to a device, you need to know what proxy to use, and to know what proxy to create, you need to connect to a device. So probing the device is - as we can see - the best solution so far, apart from keeping a lookup-table somewhere. The library currently kills all remaining processes once a valid proxy has been found. And yes, there is always only one good proxy per device. Currently there are about 12 proxies. So if one create a proxy instance using the factory, 12 sub-processes are spawned. So far, this has been really useful and worked very well. But recently someone else wanted to use this library to "broadcast" a command to all devices. So he took the library, and wrote his own multi-processed script. This obviously spawned 12 * n processes where n is the number of IPs to which he broadcasted. This has given us two problems: The host on which the command was executed slowed down to a near halt. Aborting the script with CTRL+C ground the system to a total halt. Not even the hardware console responded anymore! This may be due to some Python strangeness which still needs to be investigated. Maybe related to http://bugs.python.org/issue8296 The big underlying question, is how to design a library which does multi-processing, so other applications which use this library and want to be multi-processed themselves do not run into system limitations. My first thought was to require a pool to be passed to the library, and execute all tasks in that pool. In that way, the person using the library has control over the usage of system resources. But my gut tells me that there must be a better solution. Disclaimer: My experience with multiprocessing is fairly limited. I have implemented a few straightforward which did not require access control to resources. So I have not yet any practical experience with semaphores or mutexes. p.s.: In the future, we may have enough information to do this without the probing. But the database which would contain the proper information is not yet operational. Also, the design about multiprocessing a multiprocessed library intrigues me :)

Read the article
"Unknown user name or bad password" when I launch ADUC

- by Chris

When I open up Active Directory Users and Computers from my workstation, I receive an error: Naming information cannot be located because: Logon failure: unknown user name or bad password. Contact your system administrator to verify that your domain is properly configured and is currently online. If I log in to my workstation as somebody else, it works. If I log into a different workstation using my account, it works. All the workstations in question are running Windows Vista (32 and 64 bit) or Windows Server 2008. The domain controller in question is running Windows Small Business Server 2008. Everything else (that I tried) in the Remote Server Administration Tools runs just fine. Any thoughts? Edit: I just tried reinstalling RSAT. No such luck.

Read the article
Apollo linux boot into single user

- by Spirit

We have a device that runs Appolo Linux and I have to boot that device into a single user mode so that i can run a fsck to check the hard drive for errors. I've been goggling this during the past hour and so far I haven't found any specific method on how can I do that on this version on Linux. The device is known formerly as a NFX Cinxi One - now re-branded into BlackStratus LOG Storm. If any of you have any experience with this one you may know it is a device that is used to collect logs from other servers. I know that the above info isn't much but that is everything that I can provide up until now since tomorrow I have to follow up closely on this problem.

Read the article
Tons of spam on dreamhost mail user account

- by user122022

I use dreamhost for my webserver/ email host. I have about 25 users on one domain. and 1 of these users is absolutely inundated with spam every day. I have tried using dreamhosts poor blacklist feature, which was semi working (still letting a lot through) but I reached the 1000 email blacklist maximum very quickly. I have the ability to switch to google apps but that would be very expensive for 25 users. What options do I have aside from changing hosts with better spam filtering? I don't think its possible to only switch 1 user to google apps, it has to be the whole domain. There are other benefits to switching but I don't think they outweigh the cost for this company.

Read the article
Citrix Error: Your user profile was not loaded correctly

- by George

We get this error from out citrix server: Your user profile was not loaded correctly! You have been logged on with a temporary profile. Changes you make to this profile will be lost when you log off. Please see the event log for details or contact your administrator. I am well aware there is a workaround by Citrix, that can be found here, but that doesn't permanently fix our issue. It seems to come back. Any idea why that happens? Any suggestions on how to fix it? Citrix version is 4.5 running on Windows 2003 x32 EDIT 14.IX.2012 @ 16.03 CT I am sorry, let me clarify, it happens to some users, not all and not all the time.

Read the article
Tool/Program/Script/Formula for deciphering Active Directory Connection Strings for 3rd party user i

- by I.T. Support

We're using WSFTP, which has an Active Directory Integration module. To populate the user accounts you need to provide a connection string akin to: OU=Users,DC=domain,DC=com CN=Domain Users,OU=Users,DC=domain,DC=com Questions: Is there a Tool/Program/Script/Formula that allows me to decipher how these strings might look based on what I can see in Active Directory Users & Computers? Is there a proper/accepted name for these types of connection strings? I don't even know what to Google to get more information about how to format one properly How would I troubleshoot the connection string if I think it looks correctly formatted, but it isn't working? Thanks!

Read the article
Monitoring User Login time

- by beakersoft

Hi, i have recently been given the task of trying to work out why the login time (not machine boot time) for some of our users seems slow. The vast majority of clients (95%) are running on XP sp3, Windows 2003 domain controlers. Most users have the same model of machine. I would like to be able to see how long each of the polices are taking to load (if possable split user and computer) and any other info that might help (services starting etc) I changed the userenvdebuglevel reg option to generate the userenv.log file but it did'nt contain very much info Thanks Luke

Read the article
Vmware server: Browser does not load user interface

- by matnagel

I have the latest vmware server isntalled on ubuntu 8.04 lts 64 bit. I access the user interface over this url, which matches my ip and port settings: https://10.1.1.99:11222/ui Sometimes it works in fierofox 3.6, but sometimes not. Same in Google Chrome. When it does not work, what happens is that the cert is checked, the browser is loading something, but the result is a white page. Sometimes the favicon of vmware (blue with 3 squares) appears, but only the white page. And sometimes it works. I reload many times, most of the time the whit epage appears again. On some days I succeed. But on many days not. I can give more info if someone tells me what is needed. Please help, we need this badly.

Read the article
knife azure image list doesn't return User image

- by TooLSHeD

I'm trying to create and bootstrap a Windows VM in Azure using knife-azure. I initially tried using a Public Win 2008 r2 image, but quickly found out that winrm needs to be configured before this can work. So, I created a VM from that image, configured winrm as per these instructions and captured the VM. The problem is that the image does not show up when executing knife azure image list. When I try creating the server with the image name from the Azure portal, it complains that it does not exist. I'm running Ubuntu, so I tried the Azure cli tools and it doesn't show there either. I installed Azure PS in a Win 8 VM and then it shows up. Feeling encouraged, I installed Chef and knife-azure in the Win 8 VM, but it doesn't show up there either. How do I get my User image to show in knife azure?

Read the article
How can I restrict the backuppc client user as much as possible? (rsync)

- by jxn

I have backuppc making full backups of servers, but I'd like to be sure that my set up is as paranoid as possible. BackupPC is set up to backup via rsync, and it is set up to use a specific user on each client to be backed up. Because the backuppc client user has to have access to every file on the client machine and the ability to ssh into the machine without an interactive password, I'm a little nervous about securing the clients, and I'd like to know I haven't overlooked any options. Here's what I have in place: in the client user's authorized_keys file, i've included from="IPTOSERVER",command="/usr/bin/rsync" before the user's public key, so that the user can only login coming from the BackupPC server. Next, in the sudoers file, I've added this line: backuppc ALL=NOPASSWD: /usr/bin/rsync to allow root-level permissions only for the rsync command for that user. Are there other user, policy, or ssh restrictions that I can add while still allowing the backup pc client user to rsync all files?

Read the article
Tool to test a user account and password (test login)

- by TheCleaner

Yeah, I can fire up a VM or remote into something and try the password...I know...but is there a tool or script that will simulate a login just enough to confirm or deny that the password is correct? Scenario: A server service account's password is "forgotten"...but we think we know what it is. I'd like to pass the credentials to something and have it kick back with "correct password" or "incorrect password". I even thought about a drive mapping script with that user account and password being passed to see if it mapped the drive successfully or not but got lost in the logic of making it work correctly...something like: -Script asks for username via msgbox -script asks for password via msgbox -script tries to map a drive to a common share that everyone has access to -script unmaps drive if successful -script returns popup msgbox stating "Correct Password" or else "Incorrect Password" Any help is appreciated...you'd think this would be a rare occurrence not requiring a tool to support it but...well....

Read the article
Windows IPSec computer authentication using *user* account?

- by Tim Brigham

For some reason every once in a while it happens that my IPSec authentication is from a user account to a computer account, not computer to computer. How can I fix it? Sometimes - notably when I try to add a new workstation through ePO but it's happened other times as well I'm getting strange behavior from my Windows Advanced Firewall IPSec. This causes the authentication to be invalid (as the group memberships, etc all assume computer accounts). I have no idea why this is happening or how to fix it but the IDs to match up between servers (the opposite server in my second example has remote ID timb).

Read the article
nginx caching per user agent

- by Tuinslak

I'm currently using nginx as reverse proxy with caching enabled. However, the main site has two different layouts, depending on the user-agent (mobile or not). I've tried something similar to this: # mobile users if ($http_user_agent ~* '(iPhone|iPod|mobile|Android|2.0\ MMP|240x320|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|hiptop|IEMobile)') { set $iphone_request '1'; } if ($iphone_request = '1') { proxy_cache mobile; } if ($iphone_request = '') { proxy_cache site; } proxy_cache_key "$scheme://$host$request_uri"; proxy_pass http://real-site.tld; However, nginx gives an error, stating proxy_cache can't be used in an if-structure. Any other way to serve from a different cache depending on the browser? Thanks, Tuinslak

Read the article
Lost Root and other user passwords

- by Webnet

This isn't a huge deal, because there's very little on the server (literally a file or two) that we actually need off of it. But we disabled root logins as a security measure and can't remember any of our other user passwords. I'm assuming that there's nothing we can do at this point to get into the server? I'm sitting next to the box... Update Oops... actually, I need to export an SVN off of this server. So yeah, there's stuff I need.

Read the article

< Previous Page | 135 136 137 138 139 140 141 142 143 144 145 146 | Next Page >