How to configure the applet  use Kerberos authentication

Similar Messages

• How to configure the router using Expand box?

  I need help on configuring the Cisco routers.
  Here's the scenario...
  I want to compress as much all packets COMING IN to our network to optimize the bandwidth. When users from Lan accessing the internet, it goes out to our GW1 but I want the RETURN internet packets will go first to Expand 2 for compression then goes to Expand1 for decompression. Please see attached network diagram setup. All Expand appliances are already configured. Thanks.
  What configuration should be in GW1 and R2, both C2851?

  Hi Daniel,
  I configure it as PBR so that all www traffic will be pass to that tunnel. I want all www traffic from Area 1 to Area 2 (vice versa) will pass to IPComp Tunnel (see diagram below). I configure a policy based routing in each router. Did I miss something in router configuration? Did I apply the PBR in right interfaces? How can I configure also the returned www traffic in Router 2? I really appreciate for any response. Thank you.
  ROUTER 1
  interface GigabitEthernet0/0
    ip policy route-map EXPAND_AREA1
  route-map EXPAND_AREA1 permit 10
    description IPCOM TUNNEL TO AREA2
    match ip address EXPAND_ACL
    set ip next-hop A.A.A.2
  ip access-list extended EXPAND_ACL
    remark PACKETS THAT PASSES TO IPC TUNNEL
    permit tcp any any eq www
  ========================================
  ROUTER 2
  interface GigabitEthernet0/0
    ip policy route-map EXPAND_AREA2
  route-map EXPAND_AREA2 permit 10
    description IPCOM TUNNEL TO AREA1
    match ip address EXPAND_ACL
    set ip next-hop D.D.D.2
  ip access-list extended EXPAND_ACL
    remark PACKETS THAT PASSES TO IPC TUNNEL
    permit tcp any any eq www

• WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.

  I have two forests with a transitive on-way trust between them: PROD -> TEST (test trusts PROD). I had previously had kerberos authentication working with winrm from PROD to machines in TEST. I have verified the trust is healthy, I also verified users
  in TEST can use WINRM with kerberos just fine. Users from PROD cannot connect via kerberos to machines in TEST with winrm.
  I have verified the service has registered the appropriate SPNs. I ran dcdiag against all my PROD and TEST domain controllers and didn't find anything that would prevent kerberos from happening. I even tried disabling the firewall entirely on my TEST dcs
  but that didn't gain me anything.
  I've enabled kerberos logging but only see the expected errors such as it couldn't find a PROD SPN for the machine, which it shouldn't from what I understand, it should go to the TEST domain and find the SPN from there.
  I'm really out of next steps before I call PSS and hope someone here has run into this and could provide me some next steps.
  PowerShell Error:
  Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.  
   Possible causes are:
    -The user name or password specified are invalid.
    -Kerberos is used when no authentication method and no user name are specified.
    -Kerberos accepts domain user names, but not local user names.
    -The Service Principal Name (SPN) for the remote computer name and port does not exist.
    -The client and remote computers are in different domains and there is no trust between the two domains.
   After checking for the above issues, try the following:
    -Check the Event Viewer for events related to authentication.
    -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
   Note that computers in the TrustedHosts list might not be authenticated.
     -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
      + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
      + FullyQualifiedErrorId : PSSessionStateBroken
  winrs Error:
  Winrs error:
  WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.  
   Possible causes are:
    -The user name or password specified are invalid.
    -Kerberos is used when no authentication method and no user name are specified.
    -Kerberos accepts domain user names, but not local user names.
    -The Service Principal Name (SPN) for the remote computer name and port does not exist.
    -The client and remote computers are in different domains and there is no trust between the two domains.
   After checking for the above issues, try the following:
    -Check the Event Viewer for events related to authentication.
    -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
   Note that computers in the TrustedHosts list might not be authenticated.
     -For more information about WinRM configuration, run the following command: winrm help config.

  Hi Adam,
  I'm a little unclear about which SPNs you were looking for, in which case could you confirm you were checking that on the computer object belonging to the actual destination host it has the following SPNs registered?
  WSMAN/<NetBIOS name>
  WSMAN/<FQDN>
  If you were actually trying to use WinRM to connect to the remote forest's domain controllers, then what you said makes sense, but I was caught between assuming this was the case or you meant another member server in that remote forest.
  Also, from the client trying to connect to this remote server, are you able to telnet to port 5985? (If you've used something other than the default, try that port)
  If you can't, then you've got something else like a firewall (be that the Windows firewall on the destination or a hardware firewall somewhere in between) blocking you at the port level, or the listener on the remote box just isn't working as expected. I
  just replied to your other winrm post with steps for checking the latter, so I won't repeat myself here.
  If you can telnet to it and the SPNs exist, then you might be up against something called selective authentication which has to do with how the trust was defined. You can have a read of
  this to learn a bit more about selective trusts and whether or not it's affecting you.
  Cheers,
  Lain

• How to configure the .ini file with applet

  hai
  i am using native methods in that methods they use some ip addresses. when i am using that native methods in applet run the applet using appletviewer tool it works fine but when i am open that applet using html page browser not configure that .ini file data .how to configure that .ini file with browser

  Hi Jay SenSharma,
  Thanks for your immediate response.
  I saw your URL links, But in your link give the recursive deployment using wlst. But my question is how to configure the oracle weblogic library files into Admin server & Managed Servers by using the wls.jar file through wlst script to create the new domain.
  But if create the new domain by using GUI mode then we manually give the admin server port number & managed servers port number and name.
  By default the library files are configured with the Admin server in GUI mode. But the Managed server the Library files are not configured with the Managed servers. Then we manually select all the library files to the corresponding managed servers. Then only the applications are deployed into the corresponding managed server.
  Regards,
  S.vinoth Babu

• I purchased a 3TB Airport Time Capsule After 8 hours been able to configure the box using Ethernet connection but now I want to move my current backups and it wants authentication but no box is available to provide my administrator name can anyone help ?

  I purchased a 3TB Airport Time Capsule to use with my Mac running latest Maverics. After 8 hours been able to configure the box using Ethernet connection but now I want to move my current backups from my small driveand it wants authentication but no box is available to provide my administrator name can anyone help ?

  I overcame the permissions by allowing both paths to have read and write access to anyone but that didnt solve it until I copied it into the DATA directory which I created on the Airport Time Capsule.
  I had already discovered the TIME MACHINE How to transfer backups but I am struggling still with the item and cannot currently get it to work. My setup seems to have created a wireless link to my router which is what I wanted and in that set up there are three options. I have simply gone for the extension of my network. I ignored the other option there which I cannot remember something like DNS? That may be the problem becasuse when I remove the Ethernet connector it just doesnt go anywhere.
  I have also found I cannot update my TIME MACHINE software (currently 1.3) as although Apple tell me I should be able to set backups hourly daily or weekly I have only ever been able to run it hourly when i would prefer longer intervals so thought an update might be necssary.
  Also tried to get an update for my Airport Utility (Currently 6.3.2 but cannot find one even though I have read there might be one available and again this might be the problem.
  Have reset the Time Capsule now about a dozen times.
  Following the instructions and trying to copy my existing backup it suggests you need to copy it to the root directory but that is when I get some sort of security issue and I found I could only get it to accept if I dragged my .backupdb to the DATA directory on the Time Capsule. I dont even know if I do this it will work when I come to use it.
  I therefore found your reply of no more help than i had discovered but I hope you return to read this note because I really do need some help.
  I am intending starting again in the next couple of days and fully documenting what I do and what I see and then as I suspect it will be no different and I will then seek an appointment at the Apple Store in Trafford Centre and if that proves unsuccessful then I still have time to return and become a dissatisfied customer with Apple for the first time in a long experience with Apple. I have noticed frightening notes on the conversations which point to problems of Mavericks working with Airport Time Machine!! So in the end it might not be me doing anything wrong. Unfortunately you do feel left out in the dark sometimes that is why I hope you can respond with a solution?

• How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?

  Hi,
  How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?
  /SaiTech

  Hi SaiTech,
  Kerberos will be selected by default in an AD domain, The default (assuming the client is in a domain, and is not connecting to itself via 127.0.0.1 or ::1 addresses) is to use Kerberos authentication, and not to fall back to NTLM.
  Please also Note that you may have to take some other steps as well to get non-Kerberos authentication working.  Specifically, you'd have to set up an HTTPS listener on the remote host, or modify the client's TrustedHosts list.
  Refer to:
  WINRM kerberos & Negotiate
  Authentication for Remote Connections
  In addition, you can also use Network Monitor to check the authentication method.
  If there is anything else regarding this issue, please feel free to post back.
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• ASA 5505 8.4. How to configure the switch to the backup channel to the primary with a delay (ex., 5 min) using the SLA?

  I have ASA 5505 8.4.  How to configure the switch to the backup channel to the primary with a delay (for example 5 min.) using the SLA monitor?
  Or as something else to implement it?
  My configuration for SLA monitor:
  sla monitor 123
   type echo protocol ipIcmpEcho IP_GATEWAY_MAIN interface outside_cifra
   num-packets 3
   timeout 3000
   frequency 10
  sla monitor schedule 123 life forever start-time now
  track 1 rtr 123 reachability

  Hey cadet alain,
  thank you for your answer :-)
  I have deleted all such attempts not working, so a packet-trace will be not very useful conent...
  Here is the LogLine when i try to browse port 80 from outside (80.xxx.xxx.180:80) without VPN connection:
  3
  Nov 21 2011
  18:29:56
  77.xxx.xxx.99
  59068
  80.xxx.xxx.180
  80
  TCP access denied by ACL from 77.xxx.xxx.99/59068 to outside:80.xxx.xxx.180/80
  The attached file is only the show running-config
  Now i can with my AnyConnect Clients, too, but after connection is up, my vpnclients can't surf the web any longer because anyconnect serves as default route on 0.0.0.0 ... that's bad, too
  Actually the AnyConnect and Nat/ACL Problem are my last two open Problems until i setup the second ASA on the right ;-)
  Regards.
  Chris

• How to configure the use of WS-RM in "PI 7.11 EHP1?

  How to configure the use of WS-RM in "PI 7.11 EHP1?
  Currently in the editing window of the communication channel (adapter type WS), I can not see any options regarding Reliable Messaging protocol (WS-RM).
  The scenario that is required is as follows.
  (Consumer WS-RM) -> (Provider WS-RM PI 7.11 EHP1) -> (ABAP Proxy Backend NW 7.0)
  I would greatly appreciate any help,
  Thanks,
  Roger.
  Edited by: Roger Solano on Apr 7, 2011 10:31 PM

  WS adapter supports WS Reliable Messaging.  But WS adapter is used to communicate between two SAP web service runtime. 
  Check this blog and its links for understanding direct connection or point to point communcation using WS adapter
  /people/william.li/blog/2008/02/13/point-to-point-connection-using-abap-in-sap-using-pi-71
  Hoe that helps.

• How to configure the MOSS Crystalreportviewer using ActivX

  Post Author: dileepj
  CA Forum: General Feedback
  Hi
  I am using the MOSS BO integration Kit, and have used the crystalreportsviewer web part. But I want to configure the web part to use the ActiveX component. I would like to get some pointers as how to configure the web part to use the activeX viewer.
  Thanks in advance
  Dileep Jose

  how to access excel files using java.i know
  jakaratapoi is support to access excel files
  how?The home page for POI has all the how to's replied. :)
  http://jakarta.apache.org/poi/hssf/how-to.html
  http://jakarta.apache.org/poi/hssf/quick-guide.html

• How to configure router to use ip pool on the aaa server for vpn clients

  how to configure router to use ip pool on the aaa server for vpn clients . i want to use vpn clients to connect to the router. authenticate using the aaa server username databse and also use the ip pool cretaed on the aaa server. i am not able to find the command on the router pointing to use the pool created on the aaa server. can u some one help me with this command.
  sebastan

  Hello Sebastan,
  what do you use as AAA server (e.g. ACS with TACACS+ or RADIUS) ?
  Regards,
  GNT

• Configuring WACS for AD-kerberos Authentication in XI 3.1

  Hi,
  Installed WACS (WebApplication Container Server) and trying to configure CMC hosted on it, for AD-Kerberos authentication in XI 3.1.Followed all the steps inu201D XI 3.1 admin guideu201D but when trying to login to CMC using Kerberos authentication getting the error u201CAccount Information Not Recognized: Active Directory failed to log you onu2026u201D
  Then installed Tomcat on the same machine and deployed Infoview and CMC on it. Able to login to CMC and Infoview hosted on tomcat using Kerberos authentication, but still Kerberos authentication is failing with WACS.
  Also enabled Kerberos logging for WACS, by adding the command line parameters
  u201C-Dcrystal.enterprise.trace.configuration=verbose
  -Djcsi.kerberos.debug=trueu201D
  But not getting any useful from WebApplicationContainerServer_stdout.log.
  Could you please suggest me know how to proceed here.
  Regards,
  Saikrishna.

  Hi Tim,
  Yes. Did put the paths for krb5.ini and bscLogin.conf in the properties section of WACS.
  Tried deleting the WACS server (Right click and u201CDeleteu201D the server)->Created the server again from Home->Servers->Core Services->Manage->New->New server.
  But getting the same issue, able to login to WACS with enterprise authentication but AD is failing. Anything else I may need to check?
  Regards,
  Saikrishna.

• How to configure Firefox to use OpenVPN?

  summary: I'm running OpenVPN from a Debian client through a Debian jumpbox/server. After I [start the server, start the client] most IP-based applications (DNS, ping, ssh) seem to work from the client, but client's Firefox cannot connect to http://www.whatismyip.com/ (or any other URI). How to configure Firefox to use the VPN? or otherwise fix the problem? or further debug it?
  details:
  I have a laptop running debian_version==jessie/sid with Firefox version=33.0 which needs to access a compute cluster. The cluster formerly required only an SSL VPN (enabled by a Firefox plugin) to access, but now has several additional requirements, which I seek to satisfy by running the SSL VPN through a jumpbox running an OpenVPN server. The jumpbox is running a "vanilla" Debian 7.7.
  I have been using the laptop successfully for a few years without network problems. Currently I have the laptop connected by wire directly to an ISP-supplied modem/router. With `openvpn` NOT running on the laptop, I see:
  * `ifconfig` shows no entry='tun0' (just "the usual" entries for 'eth0', 'lo', 'wlan0'), and shows the expected client IP# bound to 'eth0'.
  * I can `ping` my jumpbox/server using its real IP#, but cannot `ping 10.8.0.1`
  * I can `ssh` to my jumpbox/server using its real IP#, but cannot `ssh 10.8.0.1`
  * `nslookup www.whatismyip.com` gives correct results
  * browsing to http://www.whatismyip.com/ shows my client's IP# (as also shown in `ifconfig`)
  Both my client/laptop and server/jumpbox setups are quite generic OpenVPN-wise, and are almost exactly as described on the Debian wiki
  https://wiki.debian.org/openvpn%20for%20server%20and%20client
  me@jumpbox:~$ date ; cat /etc/openvpn/server.conf
  Sat Nov 8 16:49:00 EST 2014
  port 1194
  proto udp
  dev tun
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/server.crt
  key /etc/openvpn/server.key
  dh /etc/openvpn/dh1024.pem
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  push "redirect-gateway def1 bypass-dhcp"
  push "dhcp-option DNS 8.8.8.8" # google public DNS
  keepalive 10 120
  comp-lzo
  user nobody
  group nogroup
  persist-key
  persist-tun
  status openvpn-status.log
  verb 3
  me@laptop:~$ date ; cat /etc/openvpn/client1.conf
  Sat Nov 8 16:51:31 EST 2014
  client
  dev tun
  proto udp
  remote ser.ver.IP.num 1194
  resolv-retry infinite
  nobind
  user nobody
  group nogroup
  persist-key
  persist-tun
  mute-replay-warnings
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/client1.crt
  key /etc/openvpn/client1.key
  ns-cert-type server
  comp-lzo
  verb 3
  up /etc/openvpn/update-resolv-conf
  down /etc/openvpn/update-resolv-conf
  My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`:
  me@jumpbox:~$ date ; sudo iptables -L
  Sat Nov 8 16:42:06 EST 2014
  Chain INPUT (policy ACCEPT)
  target prot opt source destination
  fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
  Chain FORWARD (policy ACCEPT)
  target prot opt source destination
  Chain OUTPUT (policy ACCEPT)
  target prot opt source destination
  Chain fail2ban-ssh (1 references)
  target prot opt source destination
  RETURN all -- anywhere anywhere
  After I start `openvpn` on first the server and then the client, I see no OpenVPN errors on either the server or the client:
  me@jumpbox:~$ sudo openvpn --script-security 2 --config /etc/openvpn/server.conf &
  Sat Nov 8 17:48:25 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
  Sat Nov 8 17:48:25 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
  Sat Nov 8 17:48:25 2014 Diffie-Hellman initialized with 1024 bit key
  Sat Nov 8 17:48:25 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
  Sat Nov 8 17:48:25 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
  Sat Nov 8 17:48:25 2014 ROUTE default_gateway=ser.ver.gate.way
  Sat Nov 8 17:48:25 2014 TUN/TAP device tun0 opened
  Sat Nov 8 17:48:25 2014 TUN/TAP TX queue length set to 100
  Sat Nov 8 17:48:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
  Sat Nov 8 17:48:25 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
  Sat Nov 8 17:48:25 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
  Sat Nov 8 17:48:25 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
  Sat Nov 8 17:48:25 2014 GID set to nogroup
  Sat Nov 8 17:48:25 2014 UID set to nobody
  Sat Nov 8 17:48:25 2014 UDPv4 link local (bound): [undef]
  Sat Nov 8 17:48:25 2014 UDPv4 link remote: [undef]
  Sat Nov 8 17:48:25 2014 MULTI: multi_init called, r=256 v=256
  Sat Nov 8 17:48:25 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
  Sat Nov 8 17:48:25 2014 ifconfig_pool_read(), in='TomRoche,10.8.0.4', TODO: IPv6
  Sat Nov 8 17:48:25 2014 succeeded -> ifconfig_pool_set()
  Sat Nov 8 17:48:25 2014 IFCONFIG POOL LIST
  Sat Nov 8 17:48:25 2014 TomRoche,10.8.0.4
  Sat Nov 8 17:48:25 2014 Initialization Sequence Completed
  me@laptop:~$ sudo openvpn --script-security 2 --config /etc/openvpn/client1.conf &
  Sat Nov 8 17:49:12 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
  Sat Nov 8 17:49:12 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
  Sat Nov 8 17:49:12 2014 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
  Sat Nov 8 17:49:12 2014 UDPv4 link local: [undef]
  Sat Nov 8 17:49:12 2014 UDPv4 link remote: [AF_INET]jump.box.IP.num:1194
  Sat Nov 8 17:49:12 2014 TLS: Initial packet from [AF_INET]jump.box.IP.num:1194, sid=25df7af6 0ece4089
  Sat Nov 8 17:49:13 2014 VERIFY OK: depth=1, <my config data/>
  Sat Nov 8 17:49:13 2014 VERIFY OK: nsCertType=SERVER
  Sat Nov 8 17:49:13 2014 VERIFY OK: depth=0, <my config data/>
  Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
  Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
  Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  Sat Nov 8 17:49:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
  Sat Nov 8 17:49:14 2014 [TomRoche] Peer Connection Initiated with [AF_INET]jump.box.IP.num:1194
  Sat Nov 8 17:49:16 2014 SENT CONTROL [TomRoche]: 'PUSH_REQUEST' (status=1)
  Sat Nov 8 17:49:16 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: route options modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
  Sat Nov 8 17:49:16 2014 ROUTE_GATEWAY lap.top.gate.way/255.255.255.0 IFACE=eth0 HWADDR=la:pt:op:MAC:ad:dr
  Sat Nov 8 17:49:16 2014 TUN/TAP device tun0 opened
  Sat Nov 8 17:49:16 2014 TUN/TAP TX queue length set to 100
  Sat Nov 8 17:49:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
  Sat Nov 8 17:49:16 2014 /sbin/ip link set dev tun0 up mtu 1500
  Sat Nov 8 17:49:16 2014 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
  Sat Nov 8 17:49:16 2014 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init
  dhcp-option DNS 8.8.8.8
  Sat Nov 8 17:49:16 2014 /sbin/ip route add lap.top.IP.num/32 via lap.top.gate.way
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 GID set to nogroup
  Sat Nov 8 17:49:16 2014 UID set to nobody
  Sat Nov 8 17:49:16 2014 Initialization Sequence Completed
  I then see the following on my client:
  * `ifconfig` shows a new entry=`tun0`, which looks correct
  * I can `ping` the server using either its real IP# or `10.8.0.1`
  * I can `ssh` to the server using either its real IP# or `10.8.0.1`
  * `nslookup www.whatismyip.com` gives correct results
  ... but I get no connection if I open a new instance of Firefox and browse to http://www.whatismyip.com/ :-( "Looking up www.whatismyip.com..." succeeds quickly but the status line continues to display "Connecting to www.whatismyip.com..." until the attempt times out. I also get the same behavior (connection timeout) if I open a new instance of Chrome, or if I browse to http://www.whatismyip.com/ with a Firefox opened prior to starting OpenVPN. FWIW I get the same behavior browsing to any URI, including (e.g.) Google.
  This is a major problem for me! For the SSL VPN to work, I need to start a Firefox and run it (since the SSL VPN's vendor only supports it on Linux via a Firefox plugin) to access a particular remote-access website. Furthermore I need the SSL VPN to run through the jumpbox/OpenVPN. (Don't ask, it's a long, sad story ...)
  Is there something I must do to configure Firefox to use the VPN? Or is there some other way to fix this?
  Alternatively, what should I do to further debug the problem? It just seems odd to me that the other services work (e.g., `nslookup`, `ssh`) but Firefox does not. That being said, both Firefox and Chrome fail in this usecase, so the problem might be generic to web browsers.
  your assistance is appreciated, Tom Roche <[email protected]>

  You're kidding. You have to go through that rigamarole just to put your bookmarks on your own server? Where's the simple FTP option?
  Also, the above-linked article has a broken link. The link to the weaveserver (which is what you have to set up on your own server) is no good, and there is no obvious replacement. There are plenty of Weave-related repositories here:
  http://hg.mozilla.org/labs
  but it's not clear what you need.

• How to configure the smtp server..

  i had an error when running the java mail program..
  this is my program
  import javax.mail.*;
  import javax.mail.internet.*;
  import javax.activation.*;
  import java.io.*;
  import java.util.Properties;
  public class MailClient
  public void sendMail(String mailServer, String from, String to,
  String subject, String messageBody,
  String[] attachments) throws
  MessagingException, AddressException
  // Setup mail server
  Properties props = System.getProperties();
  props.put("mail.smtp.host", mailServer);
  // Get a mail session
  Session session = Session.getDefaultInstance(props, null);
  // Define a new mail message
  Message message = new MimeMessage(session);
  message.setFrom(new InternetAddress(from));
  message.addRecipient(Message.RecipientType.TO, new InternetAddress(to));
  message.setSubject(subject);
  // Create a message part to represent the body text
  BodyPart messageBodyPart = new MimeBodyPart();
  messageBodyPart.setText(messageBody);
  //use a MimeMultipart as we need to handle the file attachments
  Multipart multipart = new MimeMultipart();
  //add the message body to the mime message
  multipart.addBodyPart(messageBodyPart);
  // add any file attachments to the message
  // addAtachments(attachments, multipart);
  // Put all message parts in the message
  message.setContent(multipart);
  // Send the message
  Transport.send(message);
  protected void addAtachments(String[] attachments, Multipart multipart)
  throws MessagingException, AddressException
  for(int i = 0; i<= attachments.length -1; i++)
  String filename = attachments;
  MimeBodyPart attachmentBodyPart = new MimeBodyPart();
  //use a JAF FileDataSource as it does MIME type detection
  DataSource source = new FileDataSource(filename);
  attachmentBodyPart.setDataHandler(new DataHandler(source));
  //assume that the filename you want to send is the same as the
  //actual file name - could alter this to remove the file path
  attachmentBodyPart.setFileName(filename);
  //add the attachment
  multipart.addBodyPart(attachmentBodyPart);
  public static void main(String[] args)
  try
  MailClient client = new MailClient();
  String server="smtp.canvasindia.com";
  String from="[email protected]";
  String to = "[email protected]";
  String subject="Test";
  String message="Testing";
  String[] filenames ={"c:/A.java"};
  client.sendMail(server,from,to,subject,message,filenames);
  catch(Exception e)
  e.printStackTrace(System.out);
  the error is .................
  javax.mail.SendFailedException: Invalid Addresses;
  nested exception is:
  com.sun.mail.smtp.SMTPAddressFailedException: 553 Attack detected from p
  ool 59.144.8.116. <http://unblock.secureserver.net/?ip=59.144.8.*>
  at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1196)
  at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:584)
  at javax.mail.Transport.send0(Transport.java:169)
  at javax.mail.Transport.send(Transport.java:98)
  at MailClient.sendMail(MailClient.java:47)
  at MailClient.main(MailClient.java:84)
  Caused by: com.sun.mail.smtp.SMTPAddressFailedException: 553 Attack detected fro
  m pool 59.144.8.116. <http://unblock.secureserver.net/?ip=59.144.8.*>
  at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1047)
  ... 5 more
  how to configure the smtp server in my machine..
  please guide me...

  This uses gmail account, and gmail smtp
  * MailSender.java
  * Created on 14 November 2006, 17:07
  * This class is used to send mails to other users
  package jmailer;
  * @author Abubakar Gurnah
  import javax.mail.*;
  import javax.mail.internet.*;
  import java.util.*;
  public class MailSender{
      private String d_email,d_password;
       * This example is for gmail, you can use any smtp server
       * @param d_email --> your gmail account e.g. [email protected]
       * @param d_password  --> your gmail password
       * @param d_host --> smtp.gmail.com
       * @param d_port --> 465
       * @param m_to --> [email protected]
       * @param m_subject --> Subject of the message
       * @param m_text --> The main message body
      public String send(String d_email,String d_password,String d_host,String d_port,
              String m_from,String m_to,String m_subject,String m_text ) {
          this.d_email=d_email;
          this.d_password=d_password;
          Properties props = new Properties();
          props.put("mail.smtp.user", d_email);
          props.put("mail.smtp.host", d_host);
          props.put("mail.smtp.port", d_port);
          props.put("mail.smtp.starttls.enable","true");
          props.put("mail.smtp.auth", "true");
          //props.put("mail.smtp.debug", "true");
          props.put("mail.smtp.socketFactory.port", d_port);
          props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
          props.put("mail.smtp.socketFactory.fallback", "false");
          SecurityManager security = System.getSecurityManager();
          try {
              Authenticator auth = new SMTPAuthenticator();
              Session session = Session.getInstance(props, auth);
              //session.setDebug(true);
              MimeMessage msg = new MimeMessage(session);
              msg.setText(m_text);
              msg.setSubject(m_subject);
              msg.setFrom(new InternetAddress(m_from));
              msg.addRecipient(Message.RecipientType.TO, new InternetAddress(m_to));
              Transport.send(msg);
              return "Successful";
          } catch (Exception mex) {
              mex.printStackTrace();
          return "Fail";
      //public static void main(String[] args) {
      //    MailSender blah = new MailSender();
      private class SMTPAuthenticator extends javax.mail.Authenticator {
          public PasswordAuthentication getPasswordAuthentication() {
              return new PasswordAuthentication(d_email, d_password);
  }

• Exchange 2010 sp2 emc initialization error using "kerberos" authentication failed

  We use exchange 2010 SP2.
  We have 2 management stations, both w2k8 R2 SP1.
  I have one mangement station on which the emc and ems works ok.
  On the other management staiton (which is also in another ad site) the emc and ems don't work.
  I get the following error message : The attempt to connect to
  http://fqdnCasServer/PowerShell using "Kerberos" authentication failed: Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
  I have checked the time on the management station and on the exchange server and this is ok.
  It is not a permissions issue because the user functions ok on the other management station.
  On the bad management station I can open the emc once and after a minute I get an error message and the message access denied. From then on I can't connect any more.
  What am I doing wrong?
  Anyone any tips?
  Thanks,
  JB 

  This is what I get in the eventlog of the bad management station.
  Log Name:      MSExchange Management
  Source:        MSExchange CmdletLogs
  Date:          1/10/2012 11:39:27
  Event ID:      6
  Task Category: (1)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      Server.domain.com
  Description:
  The description for Event ID 6 from source MSExchange CmdletLogs cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
  If the event originated on another computer, the display information had to be saved with the event.
  The following information was included with the event:
  Get-ExchangeServer
  {Identity=Servername}
  Domain/ou/ou/ou/ou/username
  Exchange Management Console-Local
  3080
  22
  00:00:00.3593888
  View Entire Forest: 'True', Configuration Domain Controller: 'FQDN DC', Preferred Global Catalog: 'FQDN DC', Preferred Domain Controllers: '{ FQDN DN }'
  Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: The operation couldn't be performed because object 'FQDN MGMTSTATION' couldn't be found on 'FQDN DC'.
  Context
  the message resource is present but the message is not found in the string/message table
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="MSExchange CmdletLogs" />
      <EventID Qualifiers="49152">6</EventID>
      <Level>2</Level>
      <Task>1</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2012-10-01T09:39:27.000000000Z" />
      <EventRecordID>11</EventRecordID>
      <Channel>MSExchange Management</Channel>
      <Computer>FQDN MGMT STATION</Computer>
      <Security />
    </System>
    <EventData>
      <Data>Get-ExchangeServer</Data>
      <Data>{Identity=MGMT STATION}</Data>
      <Data>domain/ou/ou/ou/ou/username</Data>
      <Data>
      </Data>
      <Data>
      </Data>
      <Data>Exchange Management Console-Local</Data>
      <Data>3080</Data>
      <Data>
      </Data>
      <Data>22</Data>
      <Data>00:00:00.3593888</Data>
      <Data>View Entire Forest: 'True', Configuration Domain Controller: 'FQDN DC', Preferred Global Catalog: 'FQDN DC', Preferred Domain Controllers: '{ FQDN DC }'</Data>
      <Data>Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: The operation couldn't be performed because object 'FQDN MGMT STATION' couldn't be found on 'FQDN DC'.</Data>
      <Data>Context</Data>
      <Data>
      </Data>
    </EventData>
  </Event>

• How to configure sendmail to use multiple LDAP servers ?

  Hi everybody!
  I have a sendmail running on Solaris 10 and a LDAP server(192.168.1.9) also running Solaris 10 OS. I have configured the sendmail the following way:
  bash-3.00# ldapclient list
  NS_LDAP_FILE_VERSION= 2.0
  NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=email,dc=reso,dc=ru
  NS_LDAP_BINDPASSWD= {NS1}*********************
  NS_LDAP_SERVERS= 192.168.1.9
  NS_LDAP_SEARCH_BASEDN= dc=email,dc=domain,dc=ru
  NS_LDAP_AUTH= simple
  NS_LDAP_SEARCH_REF= FALSE
  NS_LDAP_SEARCH_SCOPE= sub
  NS_LDAP_SEARCH_TIME= 30
  NS_LDAP_CACHETTL= 43200
  NS_LDAP_PROFILE= default
  NS_LDAP_CREDENTIAL_LEVEL= proxy
  NS_LDAP_BIND_TIME= 10
  I also have another LDAP server (IP 192.168.1.10). It is configured as a replicant of the 192.168.1.9 LDAP server.
  The question is how can i configure sendmail to use both LDAP servers ?
  The man pages explain how to configure ldapclient to use ONE server and what if want to use two or more? All the settings and the profiles the same.
  Thanks in advance =))

  Hi!
  To add LDAP servers to the Solaris ldapclient, you might use the ldapclient command:
  ldapclient manual -v -a defaultServerList="servera.yourdomain.com serverb.yourdomain.com"
  But this is only failover, AFAIK the Solaris ldapclient does not perform loadbalancing by itself.
  But I am not sure about your sendmail programm. Normally, sendmail has its own configuration
  and can be configured to use LDAP e.g. for aliases etc.
  Regards!
  Rainer