Search Results

Search found 15556 results on 623 pages for 'login controls'.

Page 535/623 | < Previous Page | 531 532 533 534 535 536 537 538 539 540 541 542  | Next Page >

• Office Communicator and cannot sync Address book error

  - by Noah

  We are trying to get OCS 2007 R2 up and running. The clients login fine, but when I let it sit for a while, we still get the address book sync error message of: "Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book. If the problem persists, contact your system administrator". When I try and download the file locally, this error comes up: Could not load file or assembly 'ABServerHttpHandler, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417) I googled and came across this post (http://social.technet.microsoft.com/Forums/en/ocsaddressbook/thread/c28ff2d8-66a4-456c-a5ad-e445a667e8ed) which suggests removing and reinstalling .NET 2.0 but that didn't seem to resolve the issue either. When we run abserver.exe -validateDB it works properly. We even tried the suggestion from Greg's Blog (http://blogs.technet.com/greganth/archive/2009/03/11/office-communicator-notifications-cannot-synchronize-address-book.aspx) about restarting the web component services but that didn't work either. Still seeing the same issue. So does anyone have an idea of where we go from here?

  Read the article

• Why can't I ssh into my server using my private key?

  - by user61342

  I just setup my new server as I used to, and this time I can't login using my private key. The server is ubuntu 11.04. And I have setup following ssh key directories. root@myserv: ls -la drwx------ 2 root root 4096 Sep 23 03:40 .ssh And in .ssh directory, I have done chmod 640 authorized_keys Here is the ssh connection tracebacks: OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011 debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: Connecting to [my.server.ip] [[my.server.ip]] port 22. debug1: Connection established. debug1: identity file /Users/john/.ssh/id_rsa type -1 debug1: identity file /Users/john/.ssh/id_rsa-cert type -1 debug1: identity file /Users/john/.ssh/id_dsa type 1 debug1: identity file /Users/john/.ssh/id_dsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3 debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA ef:b8:8f:b4:fc:a0:57:7d:ce:50:36:17:37:fa:f7:ec debug1: Host '[my.server.ip]' is known and matches the RSA host key. debug1: Found key in /Users/john/.ssh/known_hosts:2 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /Users/john/.ssh/id_rsa debug1: Offering RSA public key: /Users/john/.ssh/id_dsa debug1: Authentications that can continue: publickey,password debug1: Next authentication method: password root@[my.server.ip]'s password: Update: I have found the reason but I can't explain it yet. It is caused by uploading the key using rsync -chavz instead of scp, after I used scp to upload my key, the issue is gone. Can someone explain it? Later, I tried rsync -chv, still not working

  Read the article

• Setting up a network e-mail server

  - by Jason

  Hello, My boss just asked me to buy a new server for our office network. I know next to nothing about servers and networking, so I need someone to point me in the right direction. He said he wants this to be our e-mail server with a network login. I have no idea how to set up an e-mail server, especially one that sends/receives e-mail using our domain name. We use a terrible piece of order/inventory software called Mail Order Manager (MOM). Our computers currently connect to the MOM database through a networked drive. My boss would like to move away from this peer-to-peer MOM setup. The software publisher offers a SQL version of MOM, but it's way overpriced. Is there a better way to connect to these databases without using the SQL version? Finally, the server needs to be running Windows. Does this question make sense, is it possible, and can someone help me get started? Thanks!

  Read the article

• Cisco 891w multiple VLAN configuration

  - by Jessica

  I'm having trouble getting my guest network up. I have VLAN 1 that contains all our network resources (servers, desktops, printers, etc). I have the wireless configured to use VLAN1 but authenticate with wpa2 enterprise. The guest network I just wanted to be open or configured with a simple WPA2 personal password on it's own VLAN2. I've looked at tons of documentation and it should be working but I can't even authenticate on the guest network! I've posted this on cisco's support forum a week ago but no one has really responded. I could really use some help. So if anyone could take a look at the configurations I posted and steer me in the right direction I would be extremely grateful. Thank you! version 15.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ESI ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local ! ! ! ! ! aaa session-id common ! ! ! clock timezone EST -5 clock summer-time EDT recurring service-module wlan-ap 0 bootimage autonomous ! crypto pki trustpoint TP-self-signed-3369945891 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3369945891 revocation-check none rsakeypair TP-self-signed-3369945891 ! ! crypto pki certificate chain TP-self-signed-3369945891 certificate self-signed 01 (cert is here) quit ip source-route ! ! ip dhcp excluded-address 192.168.1.1 ip dhcp excluded-address 192.168.1.5 ip dhcp excluded-address 192.168.1.2 ip dhcp excluded-address 192.168.1.200 192.168.1.210 ip dhcp excluded-address 192.168.1.6 ip dhcp excluded-address 192.168.1.8 ip dhcp excluded-address 192.168.3.1 ! ip dhcp pool ccp-pool import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 10.171.12.5 10.171.12.37 lease 0 2 ! ip dhcp pool guest import all network 192.168.3.0 255.255.255.0 default-router 192.168.3.1 dns-server 10.171.12.5 10.171.12.37 ! ! ip cef no ip domain lookup no ipv6 cef ! ! multilink bundle-name authenticated license udi pid CISCO891W-AGN-A-K9 sn FTX153085WL ! ! username ESIadmin privilege 15 secret 5 $1$g1..$JSZ0qxljZAgJJIk/anDu51 username user1 password 0 pass ! ! ! class-map type inspect match-any ccp-cls-insp-traffic match protocol cuseeme match protocol dns match protocol ftp match protocol h323 match protocol https match protocol icmp match protocol imap match protocol pop3 match protocol netshow match protocol shell match protocol realmedia match protocol rtsp match protocol smtp match protocol sql-net match protocol streamworks match protocol tftp match protocol vdolive match protocol tcp match protocol udp class-map type inspect match-all ccp-insp-traffic match class-map ccp-cls-insp-traffic class-map type inspect match-any ccp-cls-icmp-access match protocol icmp class-map type inspect match-all ccp-invalid-src match access-group 100 class-map type inspect match-all ccp-icmp-access match class-map ccp-cls-icmp-access class-map type inspect match-all ccp-protocol-http match protocol http ! ! policy-map type inspect ccp-permit-icmpreply class type inspect ccp-icmp-access inspect class class-default pass policy-map type inspect ccp-inspect class type inspect ccp-invalid-src drop log class type inspect ccp-protocol-http inspect class type inspect ccp-insp-traffic inspect class class-default drop policy-map type inspect ccp-permit class class-default drop ! zone security out-zone zone security in-zone zone-pair security ccp-zp-self-out source self destination out-zone service-policy type inspect ccp-permit-icmpreply zone-pair security ccp-zp-in-out source in-zone destination out-zone service-policy type inspect ccp-inspect zone-pair security ccp-zp-out-self source out-zone destination self service-policy type inspect ccp-permit ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group 3000client key 67Nif8LLmqP_ dns 10.171.12.37 10.171.12.5 pool dynpool acl 101 ! ! crypto ipsec transform-set myset esp-3des esp-sha-hmac ! crypto dynamic-map dynmap 10 set transform-set myset ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address initiate crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynmap ! ! ! ! ! interface FastEthernet0 ! ! interface FastEthernet1 ! ! interface FastEthernet2 ! ! interface FastEthernet3 ! ! interface FastEthernet4 ! ! interface FastEthernet5 ! ! interface FastEthernet6 ! ! interface FastEthernet7 ! ! interface FastEthernet8 ip address dhcp ip nat outside ip virtual-reassembly duplex auto speed auto ! ! interface GigabitEthernet0 description $FW_OUTSIDE$$ES_WAN$ ip address 10...* 255.255.254.0 ip nat outside ip virtual-reassembly zone-member security out-zone duplex auto speed auto crypto map clientmap ! ! interface wlan-ap0 description Service module interface to manage the embedded AP ip unnumbered Vlan1 arp timeout 0 ! ! interface Wlan-GigabitEthernet0 description Internal switch interface connecting to the embedded AP switchport trunk allowed vlan 1-3,1002-1005 switchport mode trunk ! ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$FW_INSIDE$ ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly zone-member security in-zone ip tcp adjust-mss 1452 crypto map clientmap ! ! interface Vlan2 description guest ip address 192.168.3.1 255.255.255.0 ip access-group 120 in ip nat inside ip virtual-reassembly zone-member security in-zone ! ! interface Async1 no ip address encapsulation slip ! ! ip local pool dynpool 192.168.1.200 192.168.1.210 ip forward-protocol nd ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip dns server ip nat inside source list 23 interface GigabitEthernet0 overload ip route 0.0.0.0 0.0.0.0 10.165.0.1 ! access-list 23 permit 192.168.1.0 0.0.0.255 access-list 100 remark CCP_ACL Category=128 access-list 100 permit ip host 255.255.255.255 any access-list 100 permit ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip 10.165.0.0 0.0.1.255 any access-list 110 permit ip 192.168.0.0 0.0.5.255 any access-list 120 remark ESIGuest Restriction no cdp run ! ! ! ! ! ! control-plane ! ! alias exec dot11radio service-module wlan-ap 0 session Access point version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ESIRouter ! no logging console enable secret 5 $1$yEH5$CxI5.9ypCBa6kXrUnSuvp1 ! aaa new-model ! ! aaa group server radius rad_eap server 192.168.1.5 auth-port 1812 acct-port 1813 ! aaa group server radius rad_acct server 192.168.1.5 auth-port 1812 acct-port 1813 ! aaa authentication login eap_methods group rad_eap aaa authentication enable default line enable aaa authorization exec default local aaa authorization commands 15 default local aaa accounting network acct_methods start-stop group rad_acct ! aaa session-id common clock timezone EST -5 clock summer-time EDT recurring ip domain name ESI ! ! dot11 syslog dot11 vlan-name one vlan 1 dot11 vlan-name two vlan 2 ! dot11 ssid one vlan 1 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa version 2 accounting rad_acct ! dot11 ssid two vlan 2 authentication open guest-mode ! dot11 network-map ! ! username ESIadmin privilege 15 secret 5 $1$p02C$WVHr5yKtRtQxuFxPU8NOx. ! ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 1 mode ciphers aes-ccm ! broadcast-key vlan 1 change 30 ! ! ssid one ! ssid two ! antenna gain 0 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio0.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding bridge-group 2 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache shutdown ! encryption vlan 1 mode ciphers aes-ccm ! broadcast-key vlan 1 change 30 ! ! ssid one ! antenna gain 0 dfs band 3 block channel dfs station-role root ! interface Dot11Radio1.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface GigabitEthernet0 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router no ip address no ip route-cache ! interface GigabitEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface GigabitEthernet0.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 no bridge-group 2 source-learning bridge-group 2 spanning-disabled ! interface BVI1 ip address 192.168.1.2 255.255.255.0 no ip route-cache ! ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag access-list 10 permit 192.168.1.0 0.0.0.255 radius-server host 192.168.1.5 auth-port 1812 acct-port 1813 key ***** bridge 1 route ip

  Read the article

• How does cross domain authentication work in a firewalled environment?

  - by LVLAaron

  This is a simplification and the names have been changed to protect the innocent. The assets: Active Directory Domains corp.lan saas.lan User accounts [email protected] [email protected] Servers dc.corp.lan (domain controller) dc.saas.lan (domain controller) server.saas.lan A one way trust exists between the domains so user accounts in corp.lan and log into servers in saas.lan No firewall between dc.corp.lan and dc.saas.lan server.saas.lan is in a firewalled zone and a set of rules exist so it can talk to dc.saas.lan I can log into server.saas.lan with [email protected] - But I don't understand how it works. If I watch firewall logs, I see a bunch of login chatter between server.saas.lan and dc.saas.lan I also see a bunch of DROPPED chatter between server.saas.lan and dc.corp.lan. Presumably, this is because server.saas.lan is trying to authenticate [email protected] But no firewall rule exists that allows communication between these hosts. However, [email protected] can log in successfully to server.saas.lan - Once logged in, I can "echo %logonserver%" and get \dc.corp.lan. So.... I am a little confused how the account actually gets authenticated. Does dc.saas.lan eventually talk to dc.corp.lan after server.saas.lan can't talk to dc.corp.lan? Just trying to figure out what needs to be changed/fixed/altered.

  Read the article

• os x 10.4 Old, deleted user mail account problems

  - by Chris

  Hello- A while back I tried to add a user 'david' as a mail user on my OS X 10.4 server using dscl (I only had terminal access at the time, no ability to use workgroup manager). I could never get this account to work properly, so I deleted it. dscl . -list /Users no longer shows 'david' as an entry. I have since gained access via Workgroup Manager, and I am trying to re-create the 'david' account. Workgroup manager creates the account fine, along with an email account, which I can then log into via IMAP ('login david password' returns 'OK user logged in'). However, this mail account does not have an inbox, and I can not create one thru a mail client, IMAP or cyradm (they all say 'system I/O error'). When I re-delete this user, I can't find any record of him in any of the mail spool locations. Creating a user with any other name works fine (Inbox, mail access, everything). Any ideas on how I can get this user up and running again? -Chris P.S. - to create this user in the first place, I used dscl . create, then dscl . append /Users/david "some XML I found on the 'net" to add email privileges, if this helps...

  Read the article

• Mac OS X - User home directories shared via NFS

  - by Hugh

  I've run into some problems with how I've got user home directories set up on our system here. Our server is an XServe, using Open Directory to manage the user accounts. The majority of our workstations are OS X, but there are a few running Linux (Centos 5.3), and, as time goes on, we expect the proportion of Linux workstations to increase (at some point, we expect to move the server side over to Linux too, but for now we're running with what we've already got) To ensure that the Linux and OS X workstations both see user's home directories in the same place, I shared the home directories using NFS. On the server end, the home directories are stored in: /Volumes/data/company_users This is mounted on the workstations to: /mount/company_users This work fine on the Linux workstations, but there is some weirdness under OS X. For the user who is logged in through the GUI, it all works just fine. However, if a user tries to SSH into a machine that they are not the primary user on, they often have no access to their own home directory. It looks as though OS X is trying to do something else to the user home directories mount point when you log in through the GUI.... For example, on this machine (nv001), I (hugh) am logged into the GUI. Last login: Mon Mar 8 18:17:52 on ttys011 [nv001:~] hugh% ls -al /mount/company_users total 40 drwxrwxrwx 26 hugh wheel 840 27 Jan 19:09 . drwxr-xr-x 6 admin admin 204 19 Dec 18:36 .. drwx------+ 128 hugh staff 4308 27 Feb 23:36 hugh drwx------+ 26 matt staff 840 4 Dec 14:14 matt [nv001:~] hugh% So Matt's home directory is accessible to him. However, if I try to switch to him: [nv001:~] hugh% su - matt Password: su: no directory [nv001:~] hugh% Or: [nv001:~] hugh% su matt Password: tcsh: Permission denied tcsh: Trying to start from "/mount/company_users/matt" tcsh: Trying to start from "/" [nv001:/] matt% Does anyone have any idea why it might be doing this? It's causing me all sorts of problems at the moment... The only machine that I can successfully switch users at the moment is the server that the user directories are stored on, where /mount/company_users is actually just a symlink to /Volumes/data/company_users

  Read the article

• Windows 7: Touch gestures in IE not working without explorer.exe being run once

  - by Michael

  Details: Internet Explorer 9 and Windows 7 Professional, running on a HP TouchSmart (touch screen PC). It is going to be a kiosk PC (running a custom GUI for displaying websites). Scenario 1: When running Internet Explorer as a normal program in Windows 7, touch functions work perfectly. I can scroll the website by dragging it with my finger, I can pinch zoom and I can touch-and-hold right click. I now change the default shell in Windows to Internet Explorer (ie. IE starts instead of explorer.exe). Internet Explorer of course starts up when logging in. However, touch functions are reduced to basic clicking (no dragging, no pinch zooming, no touch-and-hold right click). Then I manually start explorer.exe, and the touch functions work again! And here is the weird part: When I kill explorer.exe, the touch functions keeps working - even if I close IE and start a new instance. Scenario 2: The exact same, but instead of changing the default shell to Internet Explorer, I change it to my own program, which uses an embedded Internet Explorer ("WebBrowser"). Same thing happens. What I've tried: Autorun programs: When explorer.exe launches, it launches all the autorun programs. There are no relevant programs being run by explorer, but just in case, I have manually started all the autorun programs, so that it is identical (but without explorer.exe) to a normal login. It still does not work (until I launch explorer.exe). Specifically TabTip.exe, TabTip32.exe and wisptis.exe are all running. All services are also started. To sum it up Running explorer.exe once changes something in the touch capabilities of Internet Explorer. It doesn't matter if explorer.exe is running - as long as it has been run once. Does anyone know what causes this behavior? Or how I can circumvent it neatly? Thanks!

  Read the article

• Citrix client slow to launch

  - by user706837

  Was wondering if anyone else experience Citrix client to launch very slowly. While I'm a Windows SA by trade, I consider myself Novice+ on Linux, but I doubt thats the problem. This is the simple scenario: 1. Login to Citrix server to work from home 2. Click on the published application; this typically starts the local Citrix client. 3. Citrix client should start and you're off. Problem is between #2 and #3 I click on the application and 8 out of 9 times there is a 60 second delay and then I get an SSL connection error. I suspect this error is misleading since the connection took too long to open. But I dont know how to prove it (or fix it). I'm able to successfully manually launch wfcmgr without errors; so this leads me to believe Citrix client is installed correctly. I even leave it running thinking this may help, but I don't see a difference with or without this running first. The only times I'm able to connect successfully is when the Citrix client starts up a few seconds after clicking on the application. I've searched online for articles that might help, but tried a number of fixes without much difference. Even tried "ln -sf /dev/urandom /dev/random" as suggested by this article, but no dice:http://forums.citrix.com/message.jspa?messageID=1381276 My System (specs that may be relevant) Sony VAIO Laptop VGN-NW270F Linux Mint 11.04 Problem using: FireFox and Chrome Any help would be appreciated. Just trying to either find an answer or guidance on how to determine why its taking so long to launch the Citrix Client. Thanks

  Read the article

• IIS 7.5 Basic authorization issue

  - by Alsin

  When I log on using correct user name\password (I always copy-paste them) I get 401.1 error. User name and password are correct (user is created on server locally, not a domain one). I can run program as this user (runas /noprofile /user:tmp notepad.exe). Basic authorization's default domain is a server name, realm is empty. I've saved FailedReqLogFile. AUTH_BASIC_LOGON_FAILED shows ErrorCode="Logon failure: unknown user name or bad password. (0x8007052e)" and MODULE_SET_RESPONSE_ERROR_STATUS shows ModuleName="BasicAuthenticationModule", Notification="AUTHENTICATE_REQUEST", HttpStatus="401", HttpReason="Unauthorized", HttpSubStatus="1", ErrorCode="Logon failure: unknown user name or bad password. (0x8007052e)", ConfigExceptionInfo="" And one more thing - if I use my domain login\password it woks! Basic Authentications is only enabled authentication in application... Could you please suggest me how I can troubleshoot and fix this issue? Maybe somebody hit it before... Best regards, Alex UPDATE: I get 401.1 when I trying to access site from local host. I can actually access files from remote host.

  Read the article

• Phpmyadmin location for nginx

  - by multiformeinggno

  I installed nginx and phpmyadmin. I set up a domain with these parameters to test phpmyadmin: server { listen 80; server_name domain.com; root /usr/share/phpmyadmin; index index.php; fastcgi_index index.php; location ~ \.php$ { include /etc/nginx/fastcgi.conf; fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$fastcgi_script_name; fastcgi_pass unix:/var/run/php5-fpm.sock; } } And everything works properly (if I visit the domain I can login to phpmyadmin). The problem is that it was just for testing phpmyadmin, now I'd like to move this to my 'default' site. But I can't figure out how to have it on /phpmyadmin. Here's the config for the 'default' nginx site (where I'd like to put this /phpmyadmin location): server { server_name blabla; access_log /var/log/nginx/$host.access.log; error_log /var/log/nginx/error.log; root /var/www/default; index index.php index.html; location / { try_files $uri $uri/ index.php; } location ~ \.php$ { include /etc/nginx/fastcgi.conf; fastcgi_pass unix:/var/run/php5-fpm.sock; } ### NginX Status location /nginx_status { stub_status on; access_log off; } ### FPM Status location ~ ^/(status|ping)$ { fastcgi_pass unix:/var/run/php5-fpm.sock; access_log off; } }

  Read the article

• IIS URL Rewrite HTTP to HTTPS with Port

  - by Andy Arismendi

  My website has two bindings: 1000 and 1443 (port 80/443 are in use by another website on the same IIS instance). Port 1000 is HTTP, port 1443 is HTTPS. What I want to do is redirect any incoming request using "htt p://server:1000" to "htt ps://server:1443". I'm playing around with IIS 7 rewrite module 2.0 but I'm banging my head against the wall. Any insight is appreciated! BTW the rewrite configuration below works great with a site that has an HTTP binding on port 80 and HTTPS binding on port 443, but it doesn't work with my ports. P.S. My URLs intentionally have spaces because the 'spam prevention mechanism' kicked in. For some reason google login doesn't work anymore so I had to create an OpenID account (No Script could be the culprit). I'm not sure how to get XML to display nicely so I added spaces after the opening brackets. < ?xml version="1.0" encoding="utf-8"? < configuration < system.webServer < rewrite < rules < rule name="HTTP to HTTPS redirect" stopProcessing="true" < match url="(.*)" / < conditions trackAllCaptures="true" < add input="{HTTPS}" pattern="off" / < /conditions < action type="Redirect" redirectType="Found" url="htt ps: // {HTTP_HOST}/{R:1}" / < /rule < /rules < /rewrite < /system.webServer < /configuration

  Read the article

• Properly force SSL with .htaccess, no double authentication

  - by cwd

  I'm trying to force SSL with .htaccess on a shared host. This means there I only have access to .htaccess and not the vhosts config. I know you can put a rule in the VirtualHost config file to force SSL which will be picked up there (and acted upon first), preventing double authentication, but I can't get to that. Here's the progress I've made: Config 1 This works pretty well but it does force double authentication if you visit http://site.com - once for http and then once for https. Once you are logged in, it automatically redirects http://site.com/page1.html to the https coutnerpart just fine: RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteEngine on RewriteCond %{HTTP_HOST} !(^www\.site\.com*)$ RewriteRule (.*) https://www.site.com$1 [R=301,L] AuthName "Locked" AuthUserFile "/home/.htpasswd" AuthType Basic require valid-user Config 2 If I add this to the top of the file, it works a lot better in that it will switch to SSL before prompting for the password: SSLOptions +StrictRequire SSLRequireSSL SSLRequire %{HTTP_HOST} eq "site.com" ErrorDocument 403 https://site.com It's clever how it will use the SSLRequireSSL option and the ErrorDocument403 to redirect to the secure version of the site. My only complaint is that if you try and access http://site.com/page1.html it will redirect to https://site.com/ So it is forcing SSL without a double-login, but it is not properly forwarding non-SSL resources to their SSL counterparts. Regarding the first config, Insyte mentioned "using mod_rewrite to perform a simple redirect is a bit of overkill. Use the Redirect directive instead. It's possible this may even fix your problem, as I believe mod_rewrite rules are some of the last directives to be processed, just before the file is actually grabbed from the filesystem" I have not had no such luck on finding a force-ssl config option with the redirect directive and so have been unable to test this theory.

  Read the article

• How do I install OpenStack on a single Ubuntu 12.04 node?

  - by Sam Edwards

  I'm having trouble installing OpenStack in Ubuntu 12.04, for various reasons: The official Ubuntu website recommends Juju and MAAS. However, this is a single node I am trying to get OpenStack installed on, and MAAS requires "two or more nodes" according to the docs. Additionally, I don't have any experience in MAAS and Juju and would rather stick to technologies I am more familiar with so that I can debug problems that arise. I have tried StackGeek but this fails because the node only has a single Ethernet port. The node does, however, have the second hard drive required for the nova storage. I have tried DevStack but cannot log into the dashboard. The login form appears fine, but as soon as I try to submit the page, my browser begins loading indefinitely. I have tried installing straight from packages, but I get an Internal Server Error in the dashboard upon trying to log in, with no helpful logs anywhere in sight to aid me in debugging the issue. Each of these attempts was with a fresh Ubuntu 12.04 LTS setup; I'm finding it really strange that no matter what I try, I cannot get OpenStack installed. Is this even a stable/mature project? Why am I encountering so many bugs?

  Read the article

• SQL Server 2008: Can't connect to remote server via management studio but can telnet in fine

  - by WarpKid

  Hi, I am in the process of trying to configure SQL Server 2008 to accept remote connections. I have been through all the documentation I can find and yet when I attempt to connect through management studio I get an error stating that the server could not be found. Interestingly I can connect through telnet to the remote server via the port that sql server is listening on. In the SQL Server logs I can see the connection attempt. So SQL Server is up and running and listening on the correct port - no firewall blocking it. It would appear that by default SQL Server is listening on port 50314 by default but management studio attempts to connect on port 1433.Weird. Server Management Studio = no dice. Anyone got any ideas? Server is set to allow remote connections - TCP IP is enabled, firewall is off. Thanks UPDATE FOR TO CLEAR THINGS UP A BIT We are seeing the connection attempt when we telnet in on port 50314 in the sql server logs. When we login through management studio we see it attempting connection on port 1433. There is no sign of this connection attempt in the logs.

  Read the article

• PAM Winbind Expired Password

  - by kernelpanic

  We've got Winbind/Kerberos setup on RHEL for AD authentication. Working fine however I noticed that when a password has expired, we get a warning but shell access is still granted. What's the proper way of handling this? Can we tell PAM to close the session once it sees the password has expired? Example: login as: ad-user [email protected]'s password: Warning: password has expired. [ad-user@server ~]$ Contents of /etc/pam.d/system-auth: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 account sufficient pam_succeed_if.so user ingroup AD_Admins debug account requisite pam_succeed_if.so user ingroup AD_Developers debug account required pam_access.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 session sufficient pam_succeed_if.so user ingroup AD_Admins debug session requisite pam_succeed_if.so user ingroup AD_Developers debug session optional pam_mkhomedir.so umask=0077 skel=/etc/skel session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so

  Read the article

• Could not continue scan with NOLOCK due to data movement during installation

  - by dbdev1

  Hi, I am running Windows Server 2008 Standard Edition R2 x64 and I installed SQL Server 2008 Developer Edition. All of the preliminary checks run fine (Apart from a warning about Windows Firewall and opening ports which is unrelated to this and shouldn't be an issue - I can open those ports). Half way through the actual installation, I get a popup with this error: Could not continue scan with NOLOCK due to data movement. The installation still runs to completion when I press ok. However, at the end, it states that the following services "failed": database engine services sql server replication full-text search reporting services How do I know if this actually means that anything from my installation (which is on a clean Windows Server setup - nothing else on there, no previous SQL Servers, no upgrades, etc) is missing? I know from my programming experience that locks are for concurrency control and the Microsoft help on this issue points to changing my query's lock/transactions in a certain way to fix the issue. But I am not touching any queries? Also, now that I have installed the app, when I login, I keep getting this message: TITLE: Connect to Server Cannot connect to MSSQLSERVER. ADDITIONAL INFORMATION: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 67) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=67&LinkId=20476 BUTTONS: OK I went into the Configuration Manager and enabled named pipes and restarted the service (this is something I have done before as this message is common and not serious). I have disabled Windows Firewall temporarily. I have checked the instance name against the error logs. Please advise on both of these errors. I think these two errors are related. Thanks

  Read the article

• How to lock Windows7 from installing anything.

  - by Andy

  A family member continually needs me to reinstall his PC after it gets viruses and spyware. He claims that he never downloads anything but evidence suggests otherwise. Unless there is some way that watching 'videos' can get spyware on there. AFAIK the computer is kept up to date. Possible solutions? Make a login where its impossible for him to install anything. Windows 7 standard account doesn't appear to be enough. Is a standard account enough here? I tried this once before and he still seemed to get IE toolbars installed up the wazoo Somehow make an automated image where if he 'messes up' or even on log off the computer restores the whole drive image. Similar to what I've seen in Kinko's Something I've not thought of.... And I know you are all going to say 'stop fixing it you are an enabler'... yes I know but I'm not going to have another fight with my wife over helping her family... right now I'm doing this to keep her happy not the idiot with the 'video' addiction ;-) So the name of the game is minimizing my overhead.

  Read the article

• 'pskill \\hostname winlogon' might budge a server "stuck rebooting", but why?

  - by Snoi

  Question: Executing remote (Sysinternals) command... pskill \\machine winlogon ...can budge a server that is stuck rebooting, but how/why does this work? How do you know which service to kill? To recreate (e.g.): You run Windows Update, allow a reboot, and ...NOTHING! RDP gets cut off but the server does not reboot. Just about every other service seems to stay up. Further Background: I've faced this problem on VMs hosted around the planet for some years, and used various sc.exe and shutdown commands to learn the state of and attempt remote reboot of servers in such a state, with limited success. Most datacentres don't offer any way to see the true console or power off/on such machines. They charge $$ for you to call them to do such simple things after hours, when you nearly always have to run your maint tasks. e.g. NET USE \\machine\IPC$ /USER:login password sc \\machine query RpcSs sc \\machine query TermService sc \\machine query wuauserv tasklist /s machine This occasionally works for me... shutdown /m \\machine /r /f /t: 0 ...but more often than not it fails with: A system shutdown is in progress (1115). I found this question, and the answer by @Tweek, and it worked really well, but was I just lucky? Can not RDP to Win 2003 box or initiate remote restart @Tweek said to run: pskill \\hostname winlogon ...and that got me past this situation in a new way (Server 2008 R2 in my most recent case) - really useful! I just need to understand if I got lucky or there is more science here. What I'd like to know is why the winlogon process? @Livne said to use "tasklist /s HostName" to see what is the culprit, but how do you tell from the listed output? It's just a list of running tasks etc. From that I would not know what to look for, nor could I see anything about the winlogon process that suggested to my eyes that was the one to kill.

  Read the article

• Using GitOAuthPlugin for Jenkins - not working as expected

  - by Blundell

  I need some clarity and maybe a fix. I'm using this plugin to authorise who views our Jenkins ci server: https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin As I understand it anyone who is auth'd to view one of our github project's can also login to our Jenkins box. This works I thought it would also allow the person logging in to only view the Project that they have GitHub permission on. For instance. Three projects on GitHub (A,B,C). Three builds on Jenkins. User 1 has Git access to all 3 projects (A B C). User 2 has Git access to only 1 project (A). When logging into Jenkins: User 1 can see all 3 projects ( this works ) User 2 can only see project A The problem is User 2 can also see all 3 projects when they should only see 1! Have I got this correct, and if so is this a bug? I have the settings set in Jenkins configuration Github Authorization Settings. Here we have some admin users. One organization. And none out of the 4 checkboxes ticked. (User 2, is not an admin, is not part of the org). The plugin is open sourced here: https://github.com/mocleiri/github-oauth-plugin I was trying to get Jenkins to print me the Logs from the plugin but I also failed at viewing these (to see if there was an issue). I followed these instructions: https://wiki.jenkins-ci.org/display/JENKINS/Logging It's the same concept as outlined below but using GitHub rather than manually selecting users: https://wiki.jenkins-ci.org/display/JENKINS/2012/01/03/Allow+access+to+specific+projects+for+Users%28Assigning+security+for+projects+in+Jenkins%29 Have I got this right or wrong? Is it possible to auth a Jenkins user to only see one project?

  Read the article

• pfsense 2.0.1 Firewall SMB Share not showing up under network

  - by atrueresistance

  I have a freenas NAS with a SMB share running at 192.168.2.2 of a 192.168.2.0/28 network. Gateway is 192.168.2.1. Originally this was running on a switch with my LAN, but now having upgraded to new hardware the Freenas has it's own port on the firewall. Before the switch the freenas would show up under Network on a windows 7 box and an OSX Lion box as freenas{wins} or CIFS shares on freenas{osx} so I know it doesn't have anything do to with the freenas. Here are my pfsense rules. ID Proto Source Port Destination Port Gateway Queue Schedule Description PASS TCP FREENAS net * LAN net 139 (NetBIOS-SSN) * none cifs lan passthrough PASS TCP FREENAS net * LAN net 389 (LDAP) * none cifs lan passthrough PASS TCP FREENAS net * LAN net 445 (MS DS) * none cifs lan passthrough PASS UDP FREENAS net * LAN net 137 (NetBIOS-NS) * none cifs lan passthrough PASS UDP FREENAS net * LAN net 138 (NetBIOS-DGM) * none cifs lan passthrough BLOCK * FREENAS net * LAN net * * none BLOCK * FREENAS net * OPTZONE net * * none BLOCK * FREENAS net * 192.168.2.1 * * none PASS * FREENAS net * * * * none BLOCK * * * * * * none I can connect if I use \\192.168.2.2 and enter the correct login details. I would just like this to show up on the network. Nothing in the log seems to be blocked when I filter by 192.168.2.2. What port am I missing for SMB to show up under the network and not have to connect by IP? ps. Do I really need the LDAP rule?

  Read the article

• strange Postfix logwatch log summary on my ubuntu vps

  - by DannyRe

  Hi I would be very thankful if someone could help me on explaining this logwatch summary of my postfix installation on my ubuntu 10.04 vps. I dont really know if this might be a normal log file because of the many authentication failed entries and foreign IP addresses. Any advise for a novice? Thx! ****** Summary ************************************************************************************* 113 SASL authentication failed 195 Miscellaneous warnings 8.419K Bytes accepted 8,621 8.419K Bytes delivered 8,621 ======== ================================================== 3 Accepted 60.00% 2 Rejected 40.00% -------- -------------------------------------------------- 5 Total 100.00% ======== ================================================== 2 5xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 5xx Rejects 100.00% ======== ================================================== 116 Connections 1 Connections lost (inbound) 116 Disconnections 3 Removed from queue 3 Delivered 1 Hostname verification errors ****** Detail (10) ********************************************************************************* 113 SASL authentication failed -------------------------------------------------------------- 113 92.24.80.207 host-92-24-80-207.ppp.as43234.net 113 LOGIN 113 generic failure 195 Miscellaneous warnings ------------------------------------------------------------------ 113 SASL authentication failure: cannot connect to saslauthd server: Permission denied 41 inet_protocols: IPv6 support is disabled: Address family not supported by protocol 41 inet_protocols: configuring for IPv4 support only 2 5xx Reject relay denied ----------------------------------------------------------------- 1 46.242.103.110 unknown 1 [email protected] 1 114.42.142.103 114-42-142-103.dynamic.hinet.net 1 [email protected] 1 Connections lost (inbound) -------------------------------------------------------------- 1 After RCPT 3 Delivered ------------------------------------------------------------------------------- 3 myhost.xx 1 Hostname verification errors ------------------------------------------------------------ 1 Name or service not known 1 46.242.103.110 broadband-46-242-103-110.nationalcablenetworks.ru === Delivery Delays Percentiles ============================================================ 0% 25% 50% 75% 90% 95% 98% 100%

  Read the article

• Setting Ubuntu Global PATH for Ruby Enterprise Edition

  - by Wally Glutton

  Context: I recently installed Ruby Enterprise Edition (REE) on an Ubuntu 8.04 server. I would like for this new version of Ruby to globally supersede (for all users, crontabs, etc) the older version in /usr/local/bin. Attempted Solution #1: The REE documentation recommends placing the REE bin folder at the beginning of the global PATH in /etc/environment. I altered the PATH line in this file to read: PATH="/opt/ruby_ee/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" This did affect my PATH at all. Attempted Solution #2: Next I followed these instructions and updated the PATH setting in the /etc/login.defs and /etc/crontab files. (I did not change /etc/sudoers.) This didn't affect my PATH either, even after logging out and rebooting the server. Other information: I seem to be having the same problem described here. I'm testing using the command: echo $PATH My shell is bash. My .bashrc doesn't not alter my PATH. I'm ssh'ed into the system for all testing. /opt/ruby_ee/ is a sym-link to /opt/ruby-enterprise-1.8.7-2011.03/

  Read the article

• Nagios plug-in check_snmp receives NO SNMP data from a CISCO Router

  - by Shehryar

  I have tried setting up Nagios on Ubuntu 10.10, successfully installed and can login to web interface, I am however stuck on configuring snmp or I am doing something wrong here, i have followed various sites / nagios wiki to setup configuration (cfg) files. When I check on the web interface, it gives the following error on one of my cisco router: Current Status: UNKNOWN (for 0d 2h 55m 56s) Status Information: SNMP problem - No data received from host CMD: /usr/bin/snmpget -t 1 -r 5 -m RFC1213-MIB -v 1 [authpriv] 192.168.1.1:161 ifOperStatus.1 On the command-line itself, when I type the following, it just sits there waiting and waiting : sudo /usr/local/nagios/libexec/check_snmp -H 192.168.1.1 -C Routers -o sysUpTime.0 When I type the following command : I get an OK /usr/bin/snmpget -v1 192.168.1.1:161 1.3.6.1.2.1.1.5.0 -c "Routers" I have configured SNMP properly on our cisco device as we can collect SNMP Data via two other monitoring tool (SolarWinds and Manage Engine), we are tempted towards Nagios as its opensource. Will be grateful if someone could assist in rectifying this situation and guide me with setting up nagios to monitor Cisco Routers, Switches and a Few Servers. We want to monitor Bandwidth, cpu utilization, uptime and other necessary counters. Will be grateful for your assistance Thanks for reading Shehryar

  Read the article

• Editing a windows XP installation's registry without being able to log in.

  - by Alain

  I've got a windows XP installation that has a corrupt registry. A worm (which was removed) had hijacked the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon entry (which should have a value of Userinit=C:\windows\system32\userinit.exe When the worm was removed, the corrupt entry was deleted entirely, and now the system automatically logs off immediately after attempting to log in. Regardless of the user and boot mode, no accounts can be logged in to. The only thing required to correct this behavior is to restore the registry key, but I cannot come up with any ways of editing the registry without logging in to an account. I tried remotely connecting to the registry but the required services aren't enabled on the machine. I tried booting on the same machine using the BartPE boot CD but I could not find any way of editing the registry on the C:\Windows installation - running regedit only modifies the X:\I386\ registry in memory. So, what can I use modify the registry of an un-login-able Windows XP instance so that I can log in again? Thanks guys. EDIT: The fix worked. The solution to the auto-logoff problem was, as hoped, to simply add the value mentioned above to the appropriate registry entry. This can be done using the BartPE Boot CD, as described in the accepted answer below, but I used the Offline NT Registry Editor software mentioned in another answer. The steps were: Boot from the NT Registry Editor CD Follow the directions until the appropriate boot sector is loaded. Instead of using one of the default options for modifying passwords or user accounts, type "software" to edit that hive. Type '9' to enter the command line based registry editor. Type "cd Microsoft" (enter) "cd Windows NT" (enter) "cd CurrentVersion" (enter) "cd Winlogon" (enter) Type "nv 1 Userinit" to create a new value under the Winlogon key Type "ev Userinit" to edit the new value, and when prompted, type "C:\windows\system32\userinit.exe" (enter) Type 'q' to quit the registry editor, and as you back out of the system, follow directions to write the hive back to disk. Restart your computer and log in - problem solved. (generic 'warning: back up your registry' disclaimer)

  Read the article

< Previous Page | 531 532 533 534 535 536 537 538 539 540 541 542  | Next Page >