Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

Page 269/388 | < Previous Page | 265 266 267 268 269 270 271 272 273 274 275 276 | Next Page >

squid running out of sockets

- by drscroogemcduck

I have a setup where squid sits in front of a java server and acts as a reverse proxy. Recently i've load tested the site and if i fire 100 threads at it each making a request using jmeter i start getting errors in my load test tool like 'no route to host' even though the load test tool and the server are on the same machine. if i run the following command where port 82 is the port my squid server is running on: netstat -ann | grep 82 | wc -l i get 22000 or something and most of them are in TIMED_WAIT. i'm thinking that maybe the huge number of sockets in the TIMED_WAIT state are starving the box of resources.

Read the article
IIS NLB Web Farm to front Single Tomcat Instance

- by Brent Pabst

I've got a single Tomcat 6 server that hosts a JSP app. We just spun up a new IIS 7.5 web farm to host our other internal apps. Currently the machine that hosts Tomcat is also running IIS 7 with the ISAPI filter loaded to provide front-end handling for the JSP app. I'd like to move the IIS portion to the web farm to consolidate our IIS presence and let the Tomcat server just serve and run Java and Tomcat. Has anyone done this, is it even possible while ensuring session state is properly maintained? I had it up and running using the IIS Tomcat Connector http://tomcatiis.riaforge.org/ but after a while the communication between the boxes slowed and pages would not load. In addition it seemed like some of our authentication tickets were timing out. Thanks for any ideas or reference material!

Read the article
Configuring Redhat / CentOS 5 SSH to authenticate to IPA server with public keys

- by Kyle Flavin

I'm trying to configure some Red Hat/CentOS servers to use an ipa-server on CentOS 6 for SSH authentication with public keys. I'm storing the public keys on the IPA server, which works great on Centos6 using "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in /etc/ssh/sshd_config. However, on RH 5.10, neither the "AuthorizedKeysCommand" directive or the "/usr/bin/sss_ssh_authorizedkeys" command exist to pull the public key from the directory. Is there a different way to make this work? Googling this mostly returns instructions for setting it up on 6.

Read the article
iptables: limiting bytes downloaded per IP per day?

- by Miles

On a public-facing web server, I'd like to limit the total bytes downloaded per IP address per day. For example, after a visitor downloaded 100MB, any additional requests would be dropped or rejected for the next 24 hours. Is it possible to accomplish this using iptables alone? The connbytes, connlimit, hashlimit, quota, and recent options all look promising, but the man page plays its cards close to the vest (e.g., "quota - Implements network quotas by decrementing a byte counter with each packet. --quota bytes The quota in bytes."). Would like to avoid using a proxy (like Squid) if possible.

Read the article
Windows 7 connect to Lion file sharing

- by McKvack

Trying to access my Mac from a Windows 7 computer, I fail with the infamous error 86 incorrect password. Now this appears to be a well-known problem with countless threads on the internet giving as many "solutions" as there are discussion threads about it (mostly ranging from installing third-party commercial samba servers, to switching to some other protocol, to compiling a plain-vanilla Samba installation - the latter which I will probably do when I give up this :) ) I am stubborn, and I believe there must be some problem here that can be solved or worked around, but there is surprisingly little detail about this problem. It appears to have something to do with a mismatch of authentication methods. Trying to run samba in debug mode: sudo /usr/sbin/smbd -debug -stdout gets me this output when trying to access it from Win 7 ... smb1_dispatch_one [smb_dispatch.cpp:377] dispatching SMB_COM_SESSION_SETUP_ANDX smb1_dispatch_session_setup [session_setup.cpp:261] FIXME erase existing sessions log_gss_error [gssapi_mechanism.cpp:97] gssapi: gss-code: Miscellaneous failure (see text) log_gss_error [gssapi_mechanism.cpp:113] gssapi: mech-code: unknown mech-code 22 for mech unknown What is the problem here, and how do I fix it?

Read the article
Running a webserver behind a firewall I have no access to

- by reijin

I'm having a bad time in my student appartment: I want to run a webserver on my Laptop, which should be reachable from outside of the net. I'm sitting behind some proxy-server that passes outgoing packets to the matching server. But when it comes to incoming messages - it wouldn't route them correctly to my PC. (Seems like packets only get passed if some PC from within the student-flat is already connected to the sending server) In the past I had a small virtual private server that was sending incoming website-requests over a reverse shell to my PC. Which then returned the website content, and the visitor could see my website. Sadly I dont have that server anymore... Do you have any idea that might solve my problem? Greetings, Benedikt

Read the article
How to make AD highly available for applications that use it as an LDAP service

- by Beaming Mel-Bin

Our situation We currently have many web applications that use LDAP for authentication. For this, we point the web application to one of our AD domain controllers using the LDAPS port (636). When we have to update the Domain Controller, this has caused us issues because one more web application could depend on any DC. What we want We would like to point our web applications to a cluster "virtual" IP. This cluster will consist of at least two servers (so that each cluster server could be rotated out and updated). The cluster servers would then proxy LDAPS connections to the DCs and be able to figure out which one is available. Questions For anyone that has had experience with this: What software did you use for the cluster? Any caveats? Or perhaps a completely different architecture to accomplish something similar?

Read the article
RODC password replication and A/D sites and subnets

- by Gregory Thomson

I work at a school district with about 30 school sites. Windows 2008 A/D setup - all central at the district office. In A/D, all is under one site, and no subnets defined. One A/D forest and only one domain under that. We're now looking to start putting RODCs at the schools to put the authentication and DNS out there closer to them. I haven't worked with A/D sites and subnets, and only a little with RODC password replication. But just got an invite to a meeting to talk about this tomorrow... If we start breaking down the A/D pieces into sites/subnets, can we also use that as a way to help apply an RODC password replication policy in a way that matches so that only each school sites' users passwords are replicated/cached on their RODC?

Read the article
Run script when shutting down ubuntu before the logged in user is logged out

- by Travis

I'm writing a script to backup some local directories on a unix machine (Ubuntu) to a samba drive. The script works fine and I've got it running at shutdown and restart using the method described at http://en.kioskea.net/faq/3348-ubuntu-executing-a-script-at-startup-and-shutdown It works by placing the backup script into the /etc/rc6.d and /etc/rc0.d directories. However there is a problem. After looking at the scripts logfile it seems to be run after the user is logged out. We are using LDAP authentication and when the user logs out, the system cannot backup to their samba share. Does anyone know of anyway to run the script before the user is logged out?

Read the article
Corporate IM with video that actually works, suggestions?

- by Erik P. Skaalerud

Hi. Does anyone here have a suggestion for a cross-platform IM solution wich will work with voip/video on both Windows (XP and 7) and Mac OS X from 10.4 and upwards? Right now were in a kind of mixed enviroment, with some Mac users using iChat server since they need video support (conference across several offices over VPN), but it wont't work on windows clients. The rest of us are happily using Openfire+Spark, but there's no VoIP or video avaible from what i've found, unless you want to add in several 3rd party software (like red5 and asterisk). Requirements: As said before; must work on both Windows and Mac Internal server (no Skype etc) File transfer between platforms SSO (Single Sign-On) via Active Directory authentication Some sort of screen sharing would be a plus, like switching over to a screen capture (powerpoint, software training etc) We can afford to buy software if that's needed to get this working without any hiccups across platforms. Pre-thanks to anyone who gives suggestions.

Read the article
AFP / Apple Filling Protocol aka Netatalk access over Internet

- by PJJ

I got a simple cloud server and thought it would be nice to have mac native afp Volumes accesss. Installed Netatalk and this seems to work pretty nice. No sensitive data or something but I don't like to wake up someday and have my www docs rm-rfed by some kid h4x0r. Q1: Is afp encrypted? Q2: How can I make it (semi)secure? Q3: Does VPN makes sense for this? Q4: What would you do to get afp working over net? Opening any service meant for Lan only is a basic flaw, i know - but me be ignorant about it. According to Apple Dev only the authentication is encrypted or am I mssing something?

Read the article
Migrating LDAP user and password to SAMBA4 AD

- by Rudy Dajoh

As title suggests. We are migrating from OpenLDAP as user authentication to Samba 4 AD Domain. But I can't find any information on how to transfer passwords and users to Samba 4 AD. How to migrate all LDAP user base at ou=People,dc=company,dc=com to samba 4 AD domain? I don't need to assistance transferring everything, I only need to transfer user accounts. I've finished migrating them all but user/passwords. Can it be done? If so, how?

Read the article
Security Audit Failures in Event Viewer Windows Server 2008R2

- by Jacob

When I am looking at the security tab of my event viewer on a Windows Server 2008 R2, I am showing a ton of Audit Failures with Event ID 4776. The computer attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: randy Source Workstation: HPDB1 Error Code: 0xc0000064 I verified the account "randy" exist in my Active Directory. From my understanding, there has not been any recent password changes. Is there any way to get detailed information on this error? I am wondering what program is requesting this information. Also, is there any way to clear this error up? I was thinking about resetting the password and changing it back to the original.

Read the article
DKIM for email through Google Apps domain with external outbound relay

- by David Gardiner

I'd like to enable the new Domain Keys DKIM email authentication feature for a domain hosted in Google Apps. Some of my users use an external SMTP gateway (such that when they send email, it doesn't go through smtp.gmail.com). I have an SPF record configured for the domain, and this allows the external SMTP gateways as valid SMTP hosts. (I realise SPF is different to DKIM) Will enabling DKIM adversely affect the external gateway email? eg. Are the externally sent emails at risk of being marked as spam because they would not have the DKIM signature, or will DKIM only positively benefit emails sent through Google's SMTP server?

Read the article
Cloud services, Public IPs and SIP

- by Guido N

I'm trying to run a custom SIP software (which uses JAIN SIP 1.2) on a cloud box. What I'd really like is to have a real public IP aka which is listed by "ifconfig -a" command. This is because atm I don't want to write additional SIP code / add a SIP proxy in order to manage private IP addresses / address translation. I gave Amazon EC2 a go, but as reported here http://stackoverflow.com/questions/10013549/sip-and-ec2-elastic-ips it's not fit for purpose (they do a 1:1 NAT translation between the private IP of the box and its Elastic IP). Does anyone know of a cloud service that provides real static public IP addresses?

Read the article
disable RADIUS for Cisco 2500 wireless controller

- by Tim Vaughan

I have a Cisco 2500 wireless controller and four lightweight access points. I want to use the controller to manage a wireless network secured by WPA only, without using RADIUS or anything else. We'll handle the authentication using a captive portal behind the access points. However, it seems like the controller's default security policy requires a RADIUS server and I can't find out how to switch the policy off. The documentation assumes I'm in an environment which needs heavy-duty security and the use case is actually a small charity/business with much less stringent security requirements. How do I disable the complicated security policy and instead run a simple one that just uses WPA?

Read the article
Apache SSL losing session over load balancer

- by SaltyNuts

I have two physical Apache servers behind a load balancer. The load balancer was supposed to be set up so that a user would always be sent to the same physical server after the first request, to preserve sessions. This worked fine for our web apps until we added SSL to the setup. Now the user can successfully login, see the home page, but clicking on any other internal links logs the user right out. I traced the issue to the fact that while initial authentication is performed by server 1, clicking on internal links leads to having the request sent to server 2. Server 2 does not share sessions with server 1, and the user is kicked out. How can I fix it? Do I need to share sessions between the two servers? If so, could you point me to a good guide for doing this? Thanks.

Read the article
media is write protected when using diskshadow.exe, start-bitstransfer powershell cmdlet

- by Aaron - Solution Evangelist

i am trying to use the powershell start-bitstransfer cmdlets to transfer a file i have exposed using a vss snapshot (via diskshadow), but unfortunately i am receiving the following error: Start-BitsTransfer : The media is write protected. At line:1 char:49 + Import-CSV c:\hda1\bits.txt | start-bitstransfer <<<< -transfertype upload -Authentication "Basic" -Credential $cred + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exception + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.BackgroundIntelligentTransfer.Management.NewBits TransferCommand we really want to utilize the bits endpoint we are attempting to transfer the files to. is there any other way we can go about this (aside from copying the files elsewhere first, unless we can copy one slice at a time and transfer that)?

Read the article
mystery Internet traffic to port 445

- by Ben Collver

Recently, I noticed traffic from the office network to TCP port 445 on the Internet [a]. Below are the Linux firewall log entries to Facebook's network [b] and Google's network [c]. I would like to identify the source of this traffic. My first guess is that Facebook and Google might be using multiple TCP ports for SSL load balancing. However, I could not confirm this based on the web proxy logs. What else might it be? [a] http://support.microsoft.com/kb/204279 [b] Sep 4 08:30:03 firewall01 kernel: IN=eth0 OUT=eth2 SRC=10.0.0.131 DST=69.171.237.34 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=14287 DF PROTO=TCP SPT=51711 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 [c] Aug 28 06:02:41 firewall01 kernel: IN=eth0 OUT=eth2 SRC=10.0.0.115 DST=173.194.33.47 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=4558 DF PROTO=TCP SPT=49294 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0

Read the article
How to authenticate users in nested groups in Apache LDAP?

- by mark

I've working LDAP authentication with the following setup AuthName "whatever" AuthType Basic AuthBasicProvider ldap AuthLDAPUrl "ldap://server/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" Require ldap-group CN=MySpecificGroup,OU=Security Groups,OU=MyBusiness,DC=company,DC=local This works, however I've to put all users I want to authenticate into MySpecificGroup. But on LDAP server I've configured that MySpecificGroup also contains the group MyOtherGroup with another list of users. But those users in MyOtherGroup are not authenticated, I've to manually add them all to MySpecificGroup and basically can't use the nested grouping. I'm using Windows SBS 2003. Is there a way to configure Apache LDAP to do this? Or is there a problem with possible infinite recursion and thus not allowed?

Read the article
Credentials work for SSMS but not (ODBC) LogParser script

- by justSteve

Via SSMS I'm able to connect and navigate the server/db in question. but trying to connect via a logparser script the same credentials fail. I'm trying to execute this from the same box on which the server's running. the username is owner/dbo of the db. The db has mixed mode authentication. [linebreaks for clarity] C:\TTS\tools\LogParserc:\tts\tools\logparser\logparser file:c:\tts\tools\logparser\errors2SQL.sql?source="C:\inetpub\logs\LogFiles\W3SVC8\u_ex100521.log" -i:IISW3C -o:SQL -createTable:ON -oConnString:"Driver={SQL Server Native Client 10.0};Server=servername\SQLEXPRESS;db=Tter;uid=logger2;pwd=foo" -stats:OFF Task aborted. Error connecting to ODBC Server SQL State: 28000 Native Error: 18456 Error Message: [Microsoft][SQL Server Native Client 10.0][SQL Server]Login failed for user 'logger2'. C:\TTS\tools\LogParser

Read the article
Debian on Hyper-V

- by Tobia

I installed Debian with kernel 2.6.32-5-686 on a Hyper-V virtual machine. I had to add a legacy network card. I follow this tutorial http://www.microsofttranslator.com/bv.aspx?ref=Internal&from=ru&to=en&a=http://blogs.technet.com/b/abeshkov/archive/2011/03/17/hyperv_5f00_debian.aspx to add Hyper-V driver but when I reboot with the new kernel it crash during bootup. Is there any other way to load hyper-v drivers? I really need to change that legacy network card because my debian machine is going to be used as proxy. Thank you.

Read the article
Modify HTML Content with Squid

- by user38400

We have setup our network as per the tutorial here: https://help.ubuntu.com/community/Upside-Down-TernetHowTo. Basically, we have a squid proxy that inverts images for pages that clients request. We're trying to modify the script so that we can edit the contents of the webpage before the webpage is sent to the client. We are not having any luck. I'm wondering if there is something different about .html files that makes this not possible. What is happening is that we do a wget on the URI that is requested, save it locally, modify it and then echo back the new URI. The page that the user gets is the unmodified page and not the one that we just changed.

Read the article
How to get password prompt from scp when launched remotely via ssh

- by Zek

When I ssh to a remote system and execute scp, I do not get a password prompt: # ssh 192.168.1.32 "scp joe\@192.168.1.31:/etc/hosts /tmp" Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password,keyboard-interactive). If I break it up like this, it works fine: # ssh 192.168.1.32 # scp joe\@192.168.1.31:/etc/hosts /tmp [email protected]'s password: How can I make it prompt me for the password in the first example above? Note: No, I cannot use key-based authentication for this.

Read the article
Failed reverse DNS and SPF only when using Thunderbird!

- by TruMan1

I have a reverse DNS and SPF records correctly setup for my mail server. Sending webmail from it works perfect. The problem is when Thunderbird sends out emails, it is using the client's IP address for the hostname. I have SMTP authentication and specified my mail server's as the outgoing SMTP. Mail is being sent, but it is not "signing" the email with the mail server's IP address.. it is using the client's. Is there any way to fix this? This is the spam error I get when sending from Thunderbird: Spam: Reverse DNS Lookup, SPF_SoftFail

Read the article

< Previous Page | 265 266 267 268 269 270 271 272 273 274 275 276 | Next Page >