How to configure the applet use Kerberos authentication
Hi all:
I know little about Java or applet security and hope someone can help me.
I have an MS IIS web server named win2003stdbase1 that uses Kerberos authentication, and the web server hosts a jar file. The client machine has JDK 1.5 installed. When the client visits an HTML page which contains a Java applet, the JRE starts the applet and a "Password Needed - Networking" dialog pops up. We then input the right user name and password, but the dialog pops up again. The dialog displays this message:
Server: win2003stdbase1/192.168.0.43
Scheme: ntlm
UserName:
Password:
Domain:
I suspect that the applet uses the NTLM authentication method, which is different from the web server's, and I want it to use Kerberos authentication. How can I achieve this?
Any suggestion or idea will be appreciated. Thanks.
Can anyone help with this? It is an urgent issue. Also, if I did not explain it clearly, please let me know. Thanks.
Similar Messages
-
How to configure the router using Expand box?
I need help on configuring the Cisco routers.
Here's the scenario...
I want to compress as many of the packets COMING IN to our network as possible to optimize the bandwidth. When users on the LAN access the internet, traffic goes out through our GW1, but I want the RETURN internet packets to go first to Expand 2 for compression and then to Expand 1 for decompression. Please see the attached network diagram. All Expand appliances are already configured. Thanks.
What configuration should be in GW1 and R2, both C2851?
Hi Daniel,
I configured it as PBR so that all www traffic is passed to that tunnel. I want all www traffic from Area 1 to Area 2 (and vice versa) to pass through the IPComp tunnel (see diagram below). I configured policy-based routing on each router. Did I miss something in the router configuration? Did I apply the PBR on the right interfaces? How can I also configure the returned www traffic on Router 2? I would really appreciate any response. Thank you.
ROUTER 1
interface GigabitEthernet0/0
ip policy route-map EXPAND_AREA1
route-map EXPAND_AREA1 permit 10
description IPCOM TUNNEL TO AREA2
match ip address EXPAND_ACL
set ip next-hop A.A.A.2
ip access-list extended EXPAND_ACL
remark PACKETS THAT PASSES TO IPC TUNNEL
permit tcp any any eq www
========================================
ROUTER 2
interface GigabitEthernet0/0
ip policy route-map EXPAND_AREA2
route-map EXPAND_AREA2 permit 10
description IPCOM TUNNEL TO AREA1
match ip address EXPAND_ACL
set ip next-hop D.D.D.2
ip access-list extended EXPAND_ACL
remark PACKETS THAT PASSES TO IPC TUNNEL
permit tcp any any eq www -
I have two forests with a transitive one-way trust between them: PROD -> TEST (TEST trusts PROD). I previously had Kerberos authentication working with WinRM from PROD to machines in TEST. I have verified the trust is healthy, and I also verified users in TEST can use WinRM with Kerberos just fine. Users from PROD cannot connect via Kerberos to machines in TEST with WinRM.
I have verified the service has registered the appropriate SPNs. I ran dcdiag against all my PROD and TEST domain controllers and didn't find anything that would prevent Kerberos from happening. I even tried disabling the firewall entirely on my TEST DCs, but that didn't gain me anything.
I've enabled kerberos logging but only see the expected errors such as it couldn't find a PROD SPN for the machine, which it shouldn't from what I understand, it should go to the TEST domain and find the SPN from there.
I'm really out of next steps before I call PSS and hope someone here has run into this and could provide me some next steps.
PowerShell Error:
Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
winrs Error:
Winrs error:
WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config.
Hi Adam,
I'm a little unclear about which SPNs you were looking for, in which case could you confirm you were checking that on the computer object belonging to the actual destination host it has the following SPNs registered?
WSMAN/<NetBIOS name>
WSMAN/<FQDN>
If you were actually trying to use WinRM to connect to the remote forest's domain controllers, then what you said makes sense, but I was caught between assuming this was the case or you meant another member server in that remote forest.
Also, from the client trying to connect to this remote server, are you able to telnet to port 5985? (If you've used something other than the default, try that port)
If you can't, then you've got something else like a firewall (be that the Windows firewall on the destination or a hardware firewall somewhere in between) blocking you at the port level, or the listener on the remote box just isn't working as expected. I just replied to your other winrm post with steps for checking the latter, so I won't repeat myself here.
If you can telnet to it and the SPNs exist, then you might be up against something called selective authentication which has to do with how the trust was defined. You can have a read of this to learn a bit more about selective trusts and whether or not it's affecting you.
Cheers,
Lain -
How to configure the .ini file with applet
Hi,
I am using native methods, and those methods use some IP addresses. When I use the native methods in an applet and run the applet with the appletviewer tool, it works fine, but when I open the applet from an HTML page, the browser does not pick up the .ini file data. How do I configure the .ini file with the browser?
Hi Jay SenSharma,
Thanks for your immediate response.
I saw your URL links, but your links describe recursive deployment using WLST. My question is how to configure the Oracle WebLogic library files on the Admin Server and Managed Servers by using the wls.jar file through a WLST script when creating the new domain.
If we create the new domain in GUI mode, then we manually give the Admin Server port number and the Managed Servers' port numbers and names.
By default the library files are configured with the Admin Server in GUI mode, but the library files are not configured with the Managed Servers. We then manually select all the library files for the corresponding Managed Servers. Only then are the applications deployed to the corresponding Managed Server.
Regards,
S.vinoth Babu -
I purchased a 3TB Airport Time Capsule to use with my Mac running the latest Mavericks. After 8 hours I have been able to configure the box using an Ethernet connection, but now I want to move my current backups from my small drive and it wants authentication, but no box is available to provide my administrator name. Can anyone help?
I overcame the permissions by allowing both paths to have read and write access to anyone, but that didn't solve it until I copied it into the DATA directory which I created on the Airport Time Capsule.
I had already discovered the TIME MACHINE How to transfer backups but I am struggling still with the item and cannot currently get it to work. My setup seems to have created a wireless link to my router which is what I wanted and in that set up there are three options. I have simply gone for the extension of my network. I ignored the other option there which I cannot remember, something like DNS? That may be the problem because when I remove the Ethernet connector it just doesn't go anywhere.
I have also found I cannot update my TIME MACHINE software (currently 1.3) as although Apple tell me I should be able to set backups hourly, daily or weekly I have only ever been able to run it hourly when I would prefer longer intervals, so thought an update might be necessary.
Also tried to get an update for my Airport Utility (currently 6.3.2) but cannot find one even though I have read there might be one available, and again this might be the problem.
Have reset the Time Capsule now about a dozen times.
Following the instructions and trying to copy my existing backup it suggests you need to copy it to the root directory but that is when I get some sort of security issue and I found I could only get it to accept if I dragged my .backupdb to the DATA directory on the Time Capsule. I don't even know if I do this it will work when I come to use it.
I therefore found your reply of no more help than i had discovered but I hope you return to read this note because I really do need some help.
I am intending starting again in the next couple of days and fully documenting what I do and what I see and then as I suspect it will be no different and I will then seek an appointment at the Apple Store in Trafford Centre and if that proves unsuccessful then I still have time to return and become a dissatisfied customer with Apple for the first time in a long experience with Apple. I have noticed frightening notes on the conversations which point to problems of Mavericks working with Airport Time Machine!! So in the end it might not be me doing anything wrong. Unfortunately you do feel left out in the dark sometimes that is why I hope you can respond with a solution? -
How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?
Hi,
How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?
/SaiTech
Hi SaiTech,
Kerberos will be selected by default in an AD domain. The default (assuming the client is in a domain, and is not connecting to itself via 127.0.0.1 or ::1 addresses) is to use Kerberos authentication, and not to fall back to NTLM.
Please also note that you may have to take some other steps as well to get non-Kerberos authentication working. Specifically, you'd have to set up an HTTPS listener on the remote host, or modify the client's TrustedHosts list.
Refer to:
WINRM kerberos & Negotiate
Authentication for Remote Connections
In addition, you can also use Network Monitor to check the authentication method.
If there is anything else regarding this issue, please feel free to post back.
Best Regards,
Anna Wang
TechNet Community Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
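One way to carry out the Network Monitor check suggested in the reply above: take the `Authorization` header of the WinRM request from the capture and read which GSS-API mechanism its token names. This is an added example, not code from the thread; the function names are hypothetical and the sample headers are constructed placeholders rather than captured traffic.

```python
import base64
import binascii
import struct

# DER-encoded mechanism OIDs (tag 0x06, length, body).
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
MECHS = {OID_KRB5: "kerberos", OID_MS_KRB5: "kerberos", OID_NTLMSSP: "ntlm"}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past the buffer")
    return tag, pos, pos + length


def classify_token(token):
    """Name the mechanism of a GSS-API/SPNEGO initial token or raw NTLMSSP message."""
    if token.startswith(b"NTLMSSP\x00"):
        return "ntlm"
    try:
        tag, pos, _ = read_tlv(token, 0)
        if tag != 0x60:  # GSS-API InitialContextToken is [APPLICATION 0]
            return "unknown"
        tag, _, oid_end = read_tlv(token, pos)
        if tag != 0x06:
            return "unknown"
        mech = token[pos:oid_end]
        if mech != OID_SPNEGO:
            return MECHS.get(mech, "unknown")
        # SPNEGO NegTokenInit: [0] SEQUENCE { [0] SEQUENCE OF mechType, ... }.
        # The first mechType is the client's preferred mechanism and the one
        # any optimistic mechToken belongs to.
        pos = oid_end
        for expected in (0xA0, 0x30, 0xA0, 0x30):
            tag, pos, _ = read_tlv(token, pos)
            if tag != expected:
                return "unknown"
        tag, _, oid_end = read_tlv(token, pos)
        return MECHS.get(token[pos:oid_end], "unknown") if tag == 0x06 else "unknown"
    except ValueError:
        return "unknown"


def classify_authorization(header_value):
    """Return (scheme, mechanism) for one HTTP Authorization header value."""
    scheme, _, blob = header_value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme not in ("negotiate", "kerberos", "ntlm"):
        return scheme, "not-gss"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except (binascii.Error, ValueError):
        return scheme, "unknown"
    return scheme, classify_token(token)


def der(tag, body):
    """Minimal DER encoder, used only to build the constructed samples below."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def constructed_samples():
    """Authorization header values built here for illustration, not captured traffic."""
    def b64(raw):
        return base64.b64encode(raw).decode("ascii")

    ntlm_negotiate = b"NTLMSSP\x00" + struct.pack("<II", 1, 0) + bytes(16)
    placeholder_ticket = bytes(300)  # stands in for the Kerberos AP-REQ
    krb_first = der(0x60, OID_SPNEGO + der(0xA0, der(0x30,
        der(0xA0, der(0x30, OID_MS_KRB5 + OID_KRB5 + OID_NTLMSSP))
        + der(0xA2, der(0x04, placeholder_ticket)))))
    ntlm_only = der(0x60, OID_SPNEGO + der(0xA0, der(0x30,
        der(0xA0, der(0x30, OID_NTLMSSP))
        + der(0xA2, der(0x04, ntlm_negotiate)))))
    raw_krb = der(0x60, OID_KRB5 + b"\x01\x00" + placeholder_ticket)
    return {
        "spnego_kerberos": "Negotiate " + b64(krb_first),
        "spnego_ntlm": "Negotiate " + b64(ntlm_only),
        "raw_ntlm": "Negotiate " + b64(ntlm_negotiate),
        "winrm_kerberos": "Kerberos " + b64(raw_krb),
        "basic": "Basic dXNlcjpwYXNz",
    }


if __name__ == "__main__":
    for name, value in constructed_samples().items():
        print(f"{name:16} {classify_authorization(value)}  {value[:24]}...")
```

In a capture, a token whose base64 begins `TlRMTVNTUAAB` is a raw NTLMSSP negotiate message, while one beginning `YII` is a DER-wrapped GSS-API token whose mechanism list has to be read as above.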
I have ASA 5505 8.4. How to configure the switch to the backup channel to the primary with a delay (for example 5 min.) using the SLA monitor?
Or as something else to implement it?
My configuration for SLA monitor:
sla monitor 123
type echo protocol ipIcmpEcho IP_GATEWAY_MAIN interface outside_cifra
num-packets 3
timeout 3000
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
Hey cadet alain,
thank you for your answer :-)
I have deleted all such attempts not working, so a packet-trace will be not very useful content...
Here is the LogLine when i try to browse port 80 from outside (80.xxx.xxx.180:80) without VPN connection:
3 Nov 21 2011 18:29:56 77.xxx.xxx.99 59068 80.xxx.xxx.180 80 TCP access denied by ACL from 77.xxx.xxx.99/59068 to outside:80.xxx.xxx.180/80
The attached file is only the show running-config
Now i can with my AnyConnect Clients, too, but after connection is up, my vpnclients can't surf the web any longer because anyconnect serves as default route on 0.0.0.0 ... that's bad, too
Actually the AnyConnect and Nat/ACL Problem are my last two open Problems until i setup the second ASA on the right ;-)
Regards.
Chris -
How to configure the use of WS-RM in PI 7.11 EHP1?
How to configure the use of WS-RM in PI 7.11 EHP1?
Currently in the editing window of the communication channel (adapter type WS), I can not see any options regarding Reliable Messaging protocol (WS-RM).
The scenario that is required is as follows.
(Consumer WS-RM) -> (Provider WS-RM PI 7.11 EHP1) -> (ABAP Proxy Backend NW 7.0)
I would greatly appreciate any help,
Thanks,
Roger.
Edited by: Roger Solano on Apr 7, 2011 10:31 PM
WS adapter supports WS Reliable Messaging. But WS adapter is used to communicate between two SAP web service runtimes.
Check this blog and its links for understanding direct connection or point-to-point communication using WS adapter
/people/william.li/blog/2008/02/13/point-to-point-connection-using-abap-in-sap-using-pi-71
Hope that helps. -
How to configure the MOSS Crystalreportviewer using ActivX
Post Author: dileepj
CA Forum: General Feedback
Hi
I am using the MOSS BO integration Kit, and have used the crystalreportsviewer web part. But I want to configure the web part to use the ActiveX component. I would like to get some pointers as how to configure the web part to use the activeX viewer.
Thanks in advance
Dileep Jose
How to access Excel files using Java. I know Jakarta POI supports accessing Excel files.
How?
The home page for POI has all the how to's replied. :)
http://jakarta.apache.org/poi/hssf/how-to.html
http://jakarta.apache.org/poi/hssf/quick-guide.html -
How to configure router to use ip pool on the aaa server for vpn clients
How to configure the router to use the IP pool on the AAA server for VPN clients. I want to use VPN clients to connect to the router, authenticate using the AAA server username database, and also use the IP pool created on the AAA server. I am not able to find the command on the router that points it to use the pool created on the AAA server. Can someone help me with this command?
sebastan
Hello Sebastan,
what do you use as AAA server (e.g. ACS with TACACS+ or RADIUS) ?
Regards,
GNT -
Configuring WACS for AD-kerberos Authentication in XI 3.1
Hi,
Installed WACS (Web Application Container Server) and am trying to configure the CMC hosted on it for AD-Kerberos authentication in XI 3.1. Followed all the steps in the "XI 3.1 admin guide", but when trying to log in to the CMC using Kerberos authentication I get the error "Account Information Not Recognized: Active Directory failed to log you on…"
Then installed Tomcat on the same machine and deployed InfoView and CMC on it. I am able to log in to the CMC and InfoView hosted on Tomcat using Kerberos authentication, but Kerberos authentication is still failing with WACS.
Also enabled Kerberos logging for WACS, by adding the command line parameters
"-Dcrystal.enterprise.trace.configuration=verbose
-Djcsi.kerberos.debug=true"
But I am not getting anything useful from WebApplicationContainerServer_stdout.log.
Could you please let me know how to proceed here.
Regards,
Saikrishna.
Hi Tim,
Yes. I did put the paths for krb5.ini and bscLogin.conf in the properties section of WACS.
Tried deleting the WACS server (right click and "Delete" the server) -> created the server again from Home->Servers->Core Services->Manage->New->New server.
But getting the same issue, able to login to WACS with enterprise authentication but AD is failing. Anything else I may need to check?
Regards,
Saikrishna. -
How to configure Firefox to use OpenVPN?
summary: I'm running OpenVPN from a Debian client through a Debian jumpbox/server. After I [start the server, start the client] most IP-based applications (DNS, ping, ssh) seem to work from the client, but client's Firefox cannot connect to http://www.whatismyip.com/ (or any other URI). How to configure Firefox to use the VPN? or otherwise fix the problem? or further debug it?
details:
I have a laptop running debian_version==jessie/sid with Firefox version=33.0 which needs to access a compute cluster. The cluster formerly required only an SSL VPN (enabled by a Firefox plugin) to access, but now has several additional requirements, which I seek to satisfy by running the SSL VPN through a jumpbox running an OpenVPN server. The jumpbox is running a "vanilla" Debian 7.7.
I have been using the laptop successfully for a few years without network problems. Currently I have the laptop connected by wire directly to an ISP-supplied modem/router. With `openvpn` NOT running on the laptop, I see:
* `ifconfig` shows no entry='tun0' (just "the usual" entries for 'eth0', 'lo', 'wlan0'), and shows the expected client IP# bound to 'eth0'.
* I can `ping` my jumpbox/server using its real IP#, but cannot `ping 10.8.0.1`
* I can `ssh` to my jumpbox/server using its real IP#, but cannot `ssh 10.8.0.1`
* `nslookup www.whatismyip.com` gives correct results
* browsing to http://www.whatismyip.com/ shows my client's IP# (as also shown in `ifconfig`)
Both my client/laptop and server/jumpbox setups are quite generic OpenVPN-wise, and are almost exactly as described on the Debian wiki
https://wiki.debian.org/openvpn%20for%20server%20and%20client
me@jumpbox:~$ date ; cat /etc/openvpn/server.conf
Sat Nov 8 16:49:00 EST 2014
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8" # google public DNS
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
me@laptop:~$ date ; cat /etc/openvpn/client1.conf
Sat Nov 8 16:51:31 EST 2014
client
dev tun
proto udp
remote ser.ver.IP.num 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
mute-replay-warnings
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
ns-cert-type server
comp-lzo
verb 3
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`:
me@jumpbox:~$ date ; sudo iptables -L
Sat Nov 8 16:42:06 EST 2014
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
After I start `openvpn` on first the server and then the client, I see no OpenVPN errors on either the server or the client:
me@jumpbox:~$ sudo openvpn --script-security 2 --config /etc/openvpn/server.conf &
Sat Nov 8 17:48:25 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Sat Nov 8 17:48:25 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 8 17:48:25 2014 Diffie-Hellman initialized with 1024 bit key
Sat Nov 8 17:48:25 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Nov 8 17:48:25 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Nov 8 17:48:25 2014 ROUTE default_gateway=ser.ver.gate.way
Sat Nov 8 17:48:25 2014 TUN/TAP device tun0 opened
Sat Nov 8 17:48:25 2014 TUN/TAP TX queue length set to 100
Sat Nov 8 17:48:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov 8 17:48:25 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Nov 8 17:48:25 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Nov 8 17:48:25 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Nov 8 17:48:25 2014 GID set to nogroup
Sat Nov 8 17:48:25 2014 UID set to nobody
Sat Nov 8 17:48:25 2014 UDPv4 link local (bound): [undef]
Sat Nov 8 17:48:25 2014 UDPv4 link remote: [undef]
Sat Nov 8 17:48:25 2014 MULTI: multi_init called, r=256 v=256
Sat Nov 8 17:48:25 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Nov 8 17:48:25 2014 ifconfig_pool_read(), in='TomRoche,10.8.0.4', TODO: IPv6
Sat Nov 8 17:48:25 2014 succeeded -> ifconfig_pool_set()
Sat Nov 8 17:48:25 2014 IFCONFIG POOL LIST
Sat Nov 8 17:48:25 2014 TomRoche,10.8.0.4
Sat Nov 8 17:48:25 2014 Initialization Sequence Completed
me@laptop:~$ sudo openvpn --script-security 2 --config /etc/openvpn/client1.conf &
Sat Nov 8 17:49:12 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 8 17:49:12 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Nov 8 17:49:12 2014 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Nov 8 17:49:12 2014 UDPv4 link local: [undef]
Sat Nov 8 17:49:12 2014 UDPv4 link remote: [AF_INET]jump.box.IP.num:1194
Sat Nov 8 17:49:12 2014 TLS: Initial packet from [AF_INET]jump.box.IP.num:1194, sid=25df7af6 0ece4089
Sat Nov 8 17:49:13 2014 VERIFY OK: depth=1, <my config data/>
Sat Nov 8 17:49:13 2014 VERIFY OK: nsCertType=SERVER
Sat Nov 8 17:49:13 2014 VERIFY OK: depth=0, <my config data/>
Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 8 17:49:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Nov 8 17:49:14 2014 [TomRoche] Peer Connection Initiated with [AF_INET]jump.box.IP.num:1194
Sat Nov 8 17:49:16 2014 SENT CONTROL [TomRoche]: 'PUSH_REQUEST' (status=1)
Sat Nov 8 17:49:16 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: route options modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Nov 8 17:49:16 2014 ROUTE_GATEWAY lap.top.gate.way/255.255.255.0 IFACE=eth0 HWADDR=la:pt:op:MAC:ad:dr
Sat Nov 8 17:49:16 2014 TUN/TAP device tun0 opened
Sat Nov 8 17:49:16 2014 TUN/TAP TX queue length set to 100
Sat Nov 8 17:49:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov 8 17:49:16 2014 /sbin/ip link set dev tun0 up mtu 1500
Sat Nov 8 17:49:16 2014 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sat Nov 8 17:49:16 2014 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init
dhcp-option DNS 8.8.8.8
Sat Nov 8 17:49:16 2014 /sbin/ip route add lap.top.IP.num/32 via lap.top.gate.way
Sat Nov 8 17:49:16 2014 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Sat Nov 8 17:49:16 2014 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Sat Nov 8 17:49:16 2014 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Sat Nov 8 17:49:16 2014 GID set to nogroup
Sat Nov 8 17:49:16 2014 UID set to nobody
Sat Nov 8 17:49:16 2014 Initialization Sequence Completed
I then see the following on my client:
* `ifconfig` shows a new entry=`tun0`, which looks correct
* I can `ping` the server using either its real IP# or `10.8.0.1`
* I can `ssh` to the server using either its real IP# or `10.8.0.1`
* `nslookup www.whatismyip.com` gives correct results
... but I get no connection if I open a new instance of Firefox and browse to http://www.whatismyip.com/ :-( "Looking up www.whatismyip.com..." succeeds quickly but the status line continues to display "Connecting to www.whatismyip.com..." until the attempt times out. I also get the same behavior (connection timeout) if I open a new instance of Chrome, or if I browse to http://www.whatismyip.com/ with a Firefox opened prior to starting OpenVPN. FWIW I get the same behavior browsing to any URI, including (e.g.) Google.
This is a major problem for me! For the SSL VPN to work, I need to start a Firefox and run it (since the SSL VPN's vendor only supports it on Linux via a Firefox plugin) to access a particular remote-access website. Furthermore I need the SSL VPN to run through the jumpbox/OpenVPN. (Don't ask, it's a long, sad story ...)
Is there something I must do to configure Firefox to use the VPN? Or is there some other way to fix this?
Alternatively, what should I do to further debug the problem? It just seems odd to me that the other services work (e.g., `nslookup`, `ssh`) but Firefox does not. That being said, both Firefox and Chrome fail in this usecase, so the problem might be generic to web browsers.
your assistance is appreciated, Tom Roche <[email protected]>
You're kidding. You have to go through that rigamarole just to put your bookmarks on your own server? Where's the simple FTP option?
Also, the above-linked article has a broken link. The link to the weaveserver (which is what you have to set up on your own server) is no good, and there is no obvious replacement. There are plenty of Weave-related repositories here:
http://hg.mozilla.org/labs
but it's not clear what you need. -
How to configure the smtp server..
i had an error when running the java mail program..
this is my program
import javax.mail.*;
import javax.mail.internet.*;
import javax.activation.*;
import java.io.*;
import java.util.Properties;
public class MailClient
{
    public void sendMail(String mailServer, String from, String to,
                         String subject, String messageBody,
                         String[] attachments) throws
                         MessagingException, AddressException
    {
        // Setup mail server
        Properties props = System.getProperties();
        props.put("mail.smtp.host", mailServer);
        // Get a mail session
        Session session = Session.getDefaultInstance(props, null);
        // Define a new mail message
        Message message = new MimeMessage(session);
        message.setFrom(new InternetAddress(from));
        message.addRecipient(Message.RecipientType.TO, new InternetAddress(to));
        message.setSubject(subject);
        // Create a message part to represent the body text
        BodyPart messageBodyPart = new MimeBodyPart();
        messageBodyPart.setText(messageBody);
        //use a MimeMultipart as we need to handle the file attachments
        Multipart multipart = new MimeMultipart();
        //add the message body to the mime message
        multipart.addBodyPart(messageBodyPart);
        // add any file attachments to the message
        // addAtachments(attachments, multipart);
        // Put all message parts in the message
        message.setContent(multipart);
        // Send the message
        Transport.send(message);
    }
    protected void addAtachments(String[] attachments, Multipart multipart)
        throws MessagingException, AddressException
    {
        for(int i = 0; i<= attachments.length -1; i++)
        {
            // index into the array; the original post lost the [i] subscript
            String filename = attachments[i];
            MimeBodyPart attachmentBodyPart = new MimeBodyPart();
            //use a JAF FileDataSource as it does MIME type detection
            DataSource source = new FileDataSource(filename);
            attachmentBodyPart.setDataHandler(new DataHandler(source));
            //assume that the filename you want to send is the same as the
            //actual file name - could alter this to remove the file path
            attachmentBodyPart.setFileName(filename);
            //add the attachment
            multipart.addBodyPart(attachmentBodyPart);
        }
    }
    public static void main(String[] args)
    {
        try
        {
            MailClient client = new MailClient();
            String server="smtp.canvasindia.com";
            String from="[email protected]";
            String to = "[email protected]";
            String subject="Test";
            String message="Testing";
            String[] filenames ={"c:/A.java"};
            client.sendMail(server,from,to,subject,message,filenames);
        }
        catch(Exception e)
        {
            e.printStackTrace(System.out);
        }
    }
}
the error is:
javax.mail.SendFailedException: Invalid Addresses;
nested exception is:
com.sun.mail.smtp.SMTPAddressFailedException: 553 Attack detected from pool 59.144.8.116. <http://unblock.secureserver.net/?ip=59.144.8.*>
at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1196)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:584)
at javax.mail.Transport.send0(Transport.java:169)
at javax.mail.Transport.send(Transport.java:98)
at MailClient.sendMail(MailClient.java:47)
at MailClient.main(MailClient.java:84)
Caused by: com.sun.mail.smtp.SMTPAddressFailedException: 553 Attack detected from pool 59.144.8.116. <http://unblock.secureserver.net/?ip=59.144.8.*>
at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1047)
... 5 more
how to configure the smtp server in my machine..
please guide me...
This uses gmail account, and gmail smtp
/*
 * MailSender.java
 *
 * Created on 14 November 2006, 17:07
 *
 * This class is used to send mails to other users
 */
package jmailer;
/**
 * @author Abubakar Gurnah
 */
import javax.mail.*;
import javax.mail.internet.*;
import java.util.*;
public class MailSender{
    private String d_email,d_password;
    /**
     * This example is for gmail, you can use any smtp server
     * @param d_email --> your gmail account e.g. [email protected]
     * @param d_password --> your gmail password
     * @param d_host --> smtp.gmail.com
     * @param d_port --> 465
     * @param m_to --> [email protected]
     * @param m_subject --> Subject of the message
     * @param m_text --> The main message body
     */
    public String send(String d_email,String d_password,String d_host,String d_port,
                       String m_from,String m_to,String m_subject,String m_text ) {
        this.d_email=d_email;
        this.d_password=d_password;
        Properties props = new Properties();
        props.put("mail.smtp.user", d_email);
        props.put("mail.smtp.host", d_host);
        props.put("mail.smtp.port", d_port);
        props.put("mail.smtp.starttls.enable","true");
        props.put("mail.smtp.auth", "true");
        //props.put("mail.smtp.debug", "true");
        // connect over SSL/TLS on d_port and do not fall back to a plain socket
        props.put("mail.smtp.socketFactory.port", d_port);
        props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
        props.put("mail.smtp.socketFactory.fallback", "false");
        SecurityManager security = System.getSecurityManager();
        try {
            Authenticator auth = new SMTPAuthenticator();
            Session session = Session.getInstance(props, auth);
            //session.setDebug(true);
            MimeMessage msg = new MimeMessage(session);
            msg.setText(m_text);
            msg.setSubject(m_subject);
            msg.setFrom(new InternetAddress(m_from));
            msg.addRecipient(Message.RecipientType.TO, new InternetAddress(m_to));
            Transport.send(msg);
            return "Successful";
        } catch (Exception mex) {
            mex.printStackTrace();
            return "Fail";
        }
    }
    //public static void main(String[] args) {
    //    MailSender blah = new MailSender();
    //}
    // supplies the account credentials when the SMTP server asks for authentication
    private class SMTPAuthenticator extends javax.mail.Authenticator {
        public PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(d_email, d_password);
        }
    }
} -
Exchange 2010 sp2 emc initialization error using "kerberos" authentication failed
We use exchange 2010 SP2.
We have 2 management stations, both w2k8 R2 SP1.
I have one management station on which the emc and ems work ok.
On the other management station (which is also in another ad site) the emc and ems don't work.
I get the following error message: The attempt to connect to http://fqdnCasServer/PowerShell using "Kerberos" authentication failed: Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
I have checked the time on the management station and on the exchange server and this is ok.
It is not a permissions issue because the user functions ok on the other management station.
On the bad management station I can open the emc once and after a minute I get an error message and the message access denied. From then on I can't connect any more.
What am I doing wrong?
Anyone any tips?
Thanks,
JB
This is what I get in the eventlog of the bad management station.
Log Name: MSExchange Management
Source: MSExchange CmdletLogs
Date: 1/10/2012 11:39:27
Event ID: 6
Task Category: (1)
Level: Error
Keywords: Classic
User: N/A
Computer: Server.domain.com
Description:
The description for Event ID 6 from source MSExchange CmdletLogs cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Get-ExchangeServer
{Identity=Servername}
Domain/ou/ou/ou/ou/username
Exchange Management Console-Local
3080
22
00:00:00.3593888
View Entire Forest: 'True', Configuration Domain Controller: 'FQDN DC', Preferred Global Catalog: 'FQDN DC', Preferred Domain Controllers: '{ FQDN DN }'
Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: The operation couldn't be performed because object 'FQDN MGMTSTATION' couldn't be found on 'FQDN DC'.
Context
the message resource is present but the message is not found in the string/message table
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchange CmdletLogs" />
<EventID Qualifiers="49152">6</EventID>
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-10-01T09:39:27.000000000Z" />
<EventRecordID>11</EventRecordID>
<Channel>MSExchange Management</Channel>
<Computer>FQDN MGMT STATION</Computer>
<Security />
</System>
<EventData>
<Data>Get-ExchangeServer</Data>
<Data>{Identity=MGMT STATION}</Data>
<Data>domain/ou/ou/ou/ou/username</Data>
<Data>
</Data>
<Data>
</Data>
<Data>Exchange Management Console-Local</Data>
<Data>3080</Data>
<Data>
</Data>
<Data>22</Data>
<Data>00:00:00.3593888</Data>
<Data>View Entire Forest: 'True', Configuration Domain Controller: 'FQDN DC', Preferred Global Catalog: 'FQDN DC', Preferred Domain Controllers: '{ FQDN DC }'</Data>
<Data>Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: The operation couldn't be performed because object 'FQDN MGMT STATION' couldn't be found on 'FQDN DC'.</Data>
<Data>Context</Data>
<Data>
</Data>
</EventData>
</Event>
-
How to configure sendmail to use multiple LDAP servers ?
Hi everybody!
I have a sendmail running on Solaris 10 and a LDAP server(192.168.1.9) also running Solaris 10 OS. I have configured the sendmail the following way:
bash-3.00# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=email,dc=reso,dc=ru
NS_LDAP_BINDPASSWD= {NS1}*********************
NS_LDAP_SERVERS= 192.168.1.9
NS_LDAP_SEARCH_BASEDN= dc=email,dc=domain,dc=ru
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
I also have another LDAP server (IP 192.168.1.10). It is configured as a replicant of the 192.168.1.9 LDAP server.
The question is how can I configure sendmail to use both LDAP servers?
The man pages explain how to configure ldapclient to use ONE server, and what if I want to use two or more? All the settings and the profiles are the same.
Thanks in advance =))
Hi!
To add LDAP servers to the Solaris ldapclient, you might use the ldapclient command:
ldapclient manual -v -a defaultServerList="servera.yourdomain.com serverb.yourdomain.com"
But this is only failover, AFAIK the Solaris ldapclient does not perform load balancing by itself.
But I am not sure about your sendmail program. Normally, sendmail has its own configuration
and can be configured to use LDAP e.g. for aliases etc.
Regards!
Rainer
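A check of the client profile shown in the question, as an added example that is not part of either post: it reads `ldapclient list` output and flags a single-entry NS_LDAP_SERVERS (no failover) and a proxy bind that uses plain `simple` rather than `tls:simple`. The function names and finding labels are assumptions made for this example, and the sample profile is constructed from the values in the post.

```shell
#!/bin/sh
# Constructed sample: a subset of the `ldapclient list` output quoted in the question.
SAMPLE_PROFILE='NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=email,dc=reso,dc=ru
NS_LDAP_SERVERS= 192.168.1.9
NS_LDAP_SEARCH_BASEDN= dc=email,dc=domain,dc=ru
NS_LDAP_AUTH= simple
NS_LDAP_CREDENTIAL_LEVEL= proxy'

# profile_value KEY: print the value of one attribute from the profile on stdin.
profile_value() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*//p" | head -n 1
}

# server_count: number of NS_LDAP_SERVERS entries (assumption: entries are
# separated by spaces or commas; both are accepted here).
server_count() {
    profile_value NS_LDAP_SERVERS | tr ',' ' ' | wc -w | tr -d ' '
}

# audit_profile: print one finding per line for the profile on stdin;
# exit status is 1 when anything was flagged, 0 otherwise.
audit_profile() {
    profile=$(cat)
    findings=0
    n=$(printf '%s\n' "$profile" | server_count)
    if [ "$n" -lt 2 ]; then
        echo "NO_FAILOVER: NS_LDAP_SERVERS lists $n server(s)"
        findings=1
    fi
    auth=$(printf '%s\n' "$profile" | profile_value NS_LDAP_AUTH)
    cred=$(printf '%s\n' "$profile" | profile_value NS_LDAP_CREDENTIAL_LEVEL)
    # NS_LDAP_AUTH may hold several methods separated by ';'. A plain "simple"
    # bind sends the proxy DN and password unencrypted; "tls:simple" does not.
    for method in $(printf '%s' "$auth" | tr ';' ' '); do
        if [ "$method" = "simple" ] && [ "$cred" = "proxy" ]; then
            echo "CLEARTEXT_BIND: proxy credential used with NS_LDAP_AUTH=$auth"
            findings=1
        fi
    done
    return "$findings"
}

# Demo on the constructed sample; "|| true" keeps the script's own status at 0.
printf '%s\n' "$SAMPLE_PROFILE" | audit_profile || true
```

On a Solaris client the same functions can be fed live data with `ldapclient list | audit_profile`.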