Serving Directories with Authentication via Apache
Yep, it really is that simple but it's driving me nuts.
We are setting up an xserve to serve customer data (directories with HTML pages). I'd like to be able to set up a folder for each customer, have them hit our server via http, be challenged for a username and password, and be able to view and browse thier folder contents.
I've poked around in server admin most of the day (spending a lot of time trying to set up realms with no luck), looked at the Web Technologies Administration document (following directions on page 43 with no luck), browsed the web and this forum and still don't see how I might do this.
Suggestions on where to look or specific advice would be greatly appreciated and sorry if this is so galactically simple and/or discussed an infinite number of times.
xerve g5 & others Mac OS X (10.4.6)
Welcome to discussions!
Server Admin does a pretty good job of making simple things hard, doesn't it? The only thing more useless is the performance cache.
Probably the easiest way, unless you have a VERY high volume server, to do what you want would be .htaccess files. In each of the folders that you want basic authentication for it's contents, create a folder with the name .htaccess . In .htaccess the following:
AuthType Basic
AuthName "What you want to appear in the popup window"
AuthUserFile /path/to/a/file/that/has/name/passwds
require valid-user
Check out the man page for htpasswd. It will help you make a name/password file for your .htaccess file to reference.
Roger
Similar Messages
-
Kerberos authentication via Apache ...
Hi all !
we use SAP NW Portal 7.0; we can access the portal from internet via Apache as reverse proxy;
our internal and external users access the portal via the Apache reverse proxy;
now we want to use kerberos to authenticate against J2EE of Portal;
Kerberos is working when ich access the Portal directly via http://<fqdn>:<port>/irj;
but when we want to access the portal via Apache reverse proxy e.g. http://portal.test.com authentication via Kerberos don't work; Apache doesn't pass the kerberos ticket;
is there any solution ?
the Apache reverse proxy should be the 'single point of contact' for portal access;
Thanks
Oliverto use the portal, all users ( internal or external ) have to use the URL to our apache reverse proxy; the URL is the same for internal or external users
==> http://portal.test.com;
for the internal users, it would be nice if the apache reverse proxy could pass the kerberos ticket to the portal server so that the login page doesn't appear;
how to ?
Thanks
Oliver -
Upgrade from 10.6.8 to Mavericks server: issue with authenticated bind
Hello, I have tried upgrading a 10.6.8 server to 3.1.2 Mavericks server and found I can't bind 10.9.x clients.
I need to keep using authenticated bind to manage clients in Workgroup Manager
I have exported the 10.6.8 OD database and imported into a clean installation of Mavericks 3.1.2 server and everything went fine that far.
I then noticed that authenticated bind in Mavericks now requires SSL and the certiicate.
Once I have imported the 10.6.8 OD database into the new server (same name and IP), only the selfsigned certificate coming from the 10.6.8 server is being imported and OD service remains "unprotected" without any certificate assigned (it seems I can't change this)
The problem is I can successfully bind 10.8.x clients against the 10.9 server while this seems not to be possible with 10.9.x clients when using authenticated bind.
If I create a new OD domain, there's an intemediate certificate assigned by default and I can bind 10.9.x clients (authenticated bind).
Am I missing something obvious?
Many thanks for your help
Cheers
CarloHello and many thanks to all for your hints
@Strontium90 I am aware I should move to profiles and I am working towards this goal, but I had mixed results as far as reliability here.
Anyway, I took my time to perform the upgrade once again from scratch and it's defenatly something related to certificates
The only way to (authenticated) bind a 10.9 test client is when I create a new OD domain and the server uses the intemediate certificate that it's automatically created and assigned to OD service
Using the sefl-signed certificate (the existing one - that is imported along with the OD DB - or a new one assigne to it) does not work with the imported DB.
This is the error I get when I try to bind with dsconfigldap
iMac-di-admin:~ admin$ sudo /usr/sbin/dsconfigldap -vsemgx -a my.ODserver.FQDN.com
Password:
dsconfigldap verbose mode
Using suggested computer ID <imac-di-admin>
Options selected by user:
Enforce Secure Authentication is enabled
SSL was chosen
Add server option selected
Server name provided as <my.ODserver.FQDN.com>
Computer ID provided as <imac-di-admin>
Local username determined to be <root>
Enforce man-in-the-middle only policy if server supports it.
Adding new node to search policies
Enforce packet encryption policy if server supports it.
Enforce packet signing policy if server supports it.
Certificates will be automatically added to your system keychain in order to talk to this server.
Would you like to continue (y/n)? y
Error: Description unavailable (9006)
While this is the error I get from Directory Utility
I think I'll seek support from a consultant... ...it all seems beyod my skills
Many thanks again!
Carlo -
Hi,
I want to access Cisco PI 2.1 GUI using my AD credentials, so on PI I've enabled RADIUS AAA Mode and added RADIUS servers (two ISE nodes in our case). On ISE I added PI as RADIUS client and configured the same keys. Next, on ISE I created authorization profile PRIME_ADMIN_ACCESS with only attribute settings defined:
My authentication and authorization rules relating that case are as on following screenshots:
So when I open GUI of PI and enter my AD credentials to log in I have no success and I receive following message:
Looking in ISE's Authentication section I can see following:
Time difference between these two authentication/authorizations is just 25 msecs and clicking on each of them reveals following:
So at first I can authenticate and authorize (authorization profile has necessary attributes defined for PI management access (NCS:role0=Root, NCS:virtual-domain0=ROOT-DOMAIN)) and after 25 msecs I am getting failure. So what could be cause of such things and how I can successfully log in to PI GUI authenticating via ISE using AD credentials?Hi,
-- Please Go to Administration > Logging > set the Message level to TRACE > Click save
-- Then try to add the ISE.
-- Once it fails, collect the logs from Administration > Logging >
check the "ncs-0-0.log" & search the file for "ERROR" & paste the results here. This will give us exact reason.
- Ashok
Please rate the post or mark as correct answer as it will help others looking for similar information -
UNSUPPORTED : The way it works Apache with OC4J via AJPV13 with mod_jk
RDBMS Version: 8.1.7.x
Operating System and Version: SUSE Linux 7.2 / Win NT/2k/XP
Product (i.e., OAS, IAS, etc): 9ias 1.0.2.2 OC4J 9.0.2.0.0
Product Version:
JDK Version: 1.3.1
Error number:
UNSUPPORTED : The way it works Apache with OC4J via AJPV13 with mod_jk
We dont want to use the lame and old mod_jserv so we want to use oc4j but in connection with Apache.
This is like mod_oc4j in the Oracle 9ias Release 2
This guide is for advanced users !
Step-by-Step :
1) get Tomcat 3.3 for linux or nt with Apache module mod_jk
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3/bin/
2) add mod_jk module to httpd.conf (9ias) and comment all mod_jserv, dms, oproc, ojsp ....
LoadModule jk_module libexec/mod_jk.so
Include mod_jk.conf
3) edit mod_jk.conf
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13 JkMount /servlets/* ajp13
<Location "/WEB-INF/"> AllowOverride None
deny from all
</Location>
3) edit workers.properties
workers.tomcat_home=/opt/oracle/ias/oc4j/j2ee/home
workers.java_home=/usr/java
worker.list=ajp13
worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13
4) edit http-web-site.xml (oc4j)
<web-site host="localhost" port="8009" protocol="ajp13" display-name="Oracle9iAS Containers for J2EE HTTP Web Site">
5) start oc4j
java -verbose -jar oc4j.jar
6) start apache (look in error_log)
apachectl startssl
7) try to request a jsp page or servlet ..
http://localhost:7777/test.jsp
8) good luck it works fine .. !!
Matthias Roth
Technical Manager
Z|rich Investmentgesellschaft mbH
[email protected]Thanks for the tip Mathias, it's always good to see people trying out experimental things with the products.
We're providing a new module (mod_oc4j) with our Oracle9iAS Release2 product to do this directly from the Oracle HTTP Server (Apache). We've re-written bits and pieces of the module to improve it's performance. Likewise, we've also integrated mod_oc4j with our HA story so it will be notified when new OC4J instances are brought online or if existing ones go down, enabling it to actively route requests around the available OC4J instances.
Thanks again!
-steve0 -
Ticket isnt for us - Apache DS on Windows Server 2008 with Kerberos
Hello there,
I installed Apache DS 1.5.7 on Windows Server 2008 R2 with Kerberos enabled.
I followed the instructions here http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html.
I added the my users like the example ldif file of the official instructions. Users got their krb keys.
But when i try to authenticate with Apache Directory Studio using Kerberos authentication as told in the instructions.
I get ERROR 35 "Ticket isn't for us".
I tried googling this issuebut i couldnt solve it on my own.
Any help will be greatly appreciated.
Here is the server log
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR [org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450 The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR [org.apache.directory.server.Service] - Cannot start the server : reuseAddress can't be set while the acceptor is bound.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 RCVD: [email protected]5a608
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 2070170438
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal [email protected] has no SAM type. Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
INFO | jvm 1 | 2012/01/04 18:03:35 | org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:269)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:107)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 | explanatory text: Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 | error code: 25
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | server time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1878a17
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 RCVD: [email protected]8df29
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal [email protected] has no SAM type. Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Pre-authentication by encrypted timestamp successful for [email protected].
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=krbtgt,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: gosaAccount
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: krbtgt
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: Service
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x5E 0x10 0xEF 0xE9 0x83 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x18 0x85 0x5A 0xA3 0xC9 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xEC 0xE0 0x98 0x6D 0x85 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 3
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: KDC Service
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Ticket will be issued for access to krbtgt/[email protected].
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Monitoring Authentication Service (AS) context:
INFO | jvm 1 | 2012/01/04 18:03:35 | clockSkew 300000
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress /192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | principal [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | cn null
INFO | jvm 1 | 2012/01/04 18:03:35 | realm null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | cn null
INFO | jvm 1 | 2012/01/04 18:03:35 | realm null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 | Request key type des-cbc-md5 (3)
INFO | jvm 1 | 2012/01/04 18:03:35 | Client key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 | Server key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Responding with Authentication Service (AS) reply:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REP
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | client realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | server realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | auth time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | start time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | end time: 20120105160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 SENT: org.apache.directory.server.kerberos.shared.messages.AuthenticationReply@14fa707
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 RCVD: [email protected]eef81
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Received Ticket-Granting Service (TGS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: TGS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 263725163
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: ldap/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - The ticket isn't for us (35)
INFO | jvm 1 | 2012/01/04 18:03:35 | org.apache.directory.server.kerberos.shared.exceptions.KerberosException: The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:233)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:100)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 | explanatory text: The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 | error code: 35
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | server time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1c83981From AD end
Create an OU
Create an Group
Create an User
add user to group
=============================
From LDAP client you should point to Active directory , to be more precise
LDAP base DN eg: dc=Microsoft , dc=com
search at the specific scope :EG; full search / subtree search
add the user in your application ( user is the one which you have created in AD )
client will connect to LDAP server , binds and then searches under the specified scope -
Email via an SMTP server which needs authentication
JSC bundles codes for emailing via an SMTP server which does not need authentication. But, can I get codes for emailing via an SMTP server which needs authentication?
Thank you very much.I'd recommend the following free, open source library
from Apache. It's powerful and simple to use.
http://jakarta.apache.org/commons/email/
I get the following exception when I use Apache commons. This occurs in both circumstances when SMTP authentication is needed or not.
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
at java.lang.System.getProperties(System.java:560)
at org.apache.commons.mail.Email.getMailSession(Email.java:355)
at org.apache.commons.mail.Email.buildMimeMessage(Email.java:748)
at org.apache.commons.mail.Email.send(Email.java:897)
at manamakal.test.ApacheEmailTest.button1_action(ApacheEmailTest.java:234)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.sun.faces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:126)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
at com.sun.rave.web.ui.appbase.faces.ActionListenerImpl.processAction(ActionListenerImpl.java:57)
at javax.faces.component.UICommand.broadcast(UICommand.java:312)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:267)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:381)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:75)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:221)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:90)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at com.sun.rave.web.ui.util.UploadFilter.doFilter(UploadFilter.java:194)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:132)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:189)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.doProcess(ProcessorTask.java:604)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:475)
at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:371)
at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:264)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:281)
at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:83)
|#]
Any further help is very much appreciated. -
We have a requirement where in we have multiple solaris servers and each solaris server has a directory with the same name.
The files in these directories will be different.
These same name directories on multiple severs has to be mounted to a single directory on another sever.
We are planning to use NFS, but it seems we can not mount multiple directories with same name on different severs to a single mount point using NFS, and we need to create multiple mount points.
Is there any way we can achieve this so that all the directories can be mounted to a single mount point?You can try to mount all these mount points via NFS in one additional server and then export this new tree again via NFS to all your servers.
No sure if this works. If this works, then you will have in this case just an additional level in the tree. -
Installing 64-bit ColdFusion with 32-bit Apache web server on Windows Server 2008 64-bit
This is related to another discussion that had a solution of using an unofficial 64-bit Apache, which is not permitted in my situation. The discussion is here: http://forums.adobe.com/message/3580001.
I’m having trouble running the Apache and ColdFusion services after connecting the two with wsconfig. I’ve tried replacing the 64-bit mod_jrun22.so with the 32-bit equivalent and the Apache service will then start, but the ColdFusion services error when loading the jvm.dll.
Anyone familiar with this?
Apache Web Server 2.2.22
ColdFusion 9
Thanks.Looking into the same issue myself. Can you elaborate on this? Which version of the JVM did you upgrade to and did you configure it in the CF Admin to use that jvm?
Using the web connector, I get an error message that the mod_jrun22.so is not a valid win32 application.
Thanks -
I am new to Mac...How do I get connected to a server on my network via a hyper link IP address path? When I try to open in a URL and login as a registered user with proper login it errors out saying there was a problem with connecting to the server?
Some of the following is going to use some technical terms — this area is inherently somewhat technical.
If you don't understand some part of the following reply, please ask.
Is this your own OS X Server system on your own network, or is this some other server within some larger organization?
You're posting this in the OS X Server forum, which is a software package that allows OS X systems to provide web-based and many other services; to become servers.
If it's your OS X Server on your network, then the network and DNS configurations are suspect, or the server is somehow malfunctioning or misconfigured. This is unfortunately fairly common, as some folks do try to avoid setting up DNS services.
If it's a larger organization and somebody else is managing the server and the network, then you'll probably need to contact the IT folks for assistance; to learn the network setup and DNS requirements, and if there's a problem with the server itself.
The basic web URL "hyper link IP address path" — without using DNS — usually looks something the following, where you'll need to replace 10.20.30.40 with the IP address of your server:
http://10.20.30.40
UptimeJeff has posted a URL that specifies the AFP file system; an OS X file share. That's used if you're connecting to an Apple storage service somewhere on your network. You might alternatively need to specify smb://10.20.30.40 or such, if it's a Windows file server. (There can be additional requirements for connecting to Windows Server systems, too.)
If there's local IT staff available here, please contact them for assistance. If these are your own local systems and your own local OS X Server system, then some information on the server will be needed. (If you're on a NAT'd network, you'll also need to get DNS services configured and working on your local OS X Server system and your network — you'll not be able to skip this step and reference ISP DNS servers here — or things can and usually will get weird.) -
Exchange Server 2013 with RADIUS authentication
Hello,
I am a student and doing an internship. I have to test Microsoft Exchange Server 2013.
I am using Windows Server 2012, I already installed Exchange Server 2013 on it and everything works as intended.
But I couldn't find out how to configure my Windows Server 2012 in order to authenticate my mailbox users from Exchange Server 2013 with a RADIUS server which is not on my Windows Server 2012. I have to use their RADIUS server, the RADIUS server from the
company where I am doing my internship.
I already created a NPS and added the RADIUS Client + Remote RADIUS Server Groups. I created a Connection Request Policies with the condition:
User Name *
I forwarded the Connection Request to the Remote RADIUS server that I created in Remote RADIUS Server Groups and then I registered the NPS in th AD. But it's still not working.
Maybe I did something wrong or I misunderstood something or does this even work with Exchange Server 2013? To authenticate mailbox users with a RADIUS server before they can login into their mailbox and use their mailbox?
Thanks in advance.On Wed, 26 Mar 2014 09:21:25 +0000, DavidIntern wrote:
I already put the NPS as a RADIUS proxy. I followed this check list http://technet.microsoft.com/en-us/library/cc772591.aspx
But the things is I want to make it work with our freeRADIUS2 that we have in place here. Without changing our freeRADIUS2. But I found out this is not possible since we are not using any Active Directory with it. Since I am still a newbie in this environment,
I am not sure if it is possible.
But my main question was if it was possible to use freeRADIUS2 and that my NPS would be the RADIUS proxy. So my question is answered, if I understood right, without making any changes to our freeRADIUS2 this is not going to be possible right? Because we have
no AD?
Our setup is freeRADIUS2 + MySQL database where all the users are stored.
As I mentioned in my previous response this really isn't the right place
for this question but why would you want to try to use a MySQL store for
authenticating against Exchange in the first place when you've already got
an authentication store (Active Directory) that is tightly integrated with
Exchange?
I still really don't understand what it is you're trying to accomplish nor
why you're trying to use such a complicated, convoluted method to
authenticate Exchange users.
Paul Adare - FIM CM MVP
Any sufficiently advanced bug is indistinguishable from a feature. -
Why can't I log into my "Local" sql server (sql server 2014) with my Sql Server Authentication UID ?
I just got a new work station (win7 Pro) which has the following sql server
SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition')
returns
12.0.2254.0 RTM Developer Edition (64-bit)
Select @@version
returns
Microsoft SQL Server 2014 - 12.0.2254.0 (X64)
Jul 25 2014 18:52:51
Copyright (c) Microsoft Corporation
Developer Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)
I added/created a new (random) user account to this server [joe123] and made him sa and mapped him to everything, the password never expires, ...
when I try to login to this local server the login fails, but I can log into this server with my windows integrated account (also sa). What do I need to do so that the joe123 account can login to the server
Rich PCheck if both "SQL Server and Windows Authentication mode" is set (not just Windows Authentication mode). Server-->right click and select properties --> Security
Satish Kartan http://www.sqlfood.com/ -
Problem using Proxie server with Authentication & JEditorPane
Hello
I don't know if anyone has done this and if someone has I would really appreciate any help you could give me. I need to display a web page in a JEditorPane but the web page is accessed through a proxie server that uses authentication. I have tried using the setPage with username:[email protected] URL format for authentication but it doesn't work.
JEditorPane.setPage(new URL(urlStr))
this gives me an exception. The following is the exception message and printStackTrace
error:Server returned HTTP response code: 401 for URL: (Url I am trying to access)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:709)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:238)
at javax.swing.JEditorPane.getStream(JEditorPane.java:674)
at javax.swing.JEditorPane.setPage(JEditorPane.java:392)
at com.UrlChecker.panels.HTML.EditorPane._$2863(EditorPane.java:184)
at com.UrlChecker.panels.HTML.EditorPane.changeUrls(EditorPane.java:321)
Thank you for any help you can give me.Steve,
The URLs that I am using are internal. A similar type login page is the Oracle Metalink
http://metalink.oracle.com/metalink/plsql/ml2_gui.startup
I will try to find another webstie that you can test. Be back shortly
thanks -
Problem with inbuilt Solaris Apache Web Server v 2.0.58
Hi,
Set-up:
We are working on a custom application which works with the inbuilt Apache Web Server on the Sun Solaris platform. Here are the details of the versions of the various components involved:
Apache Web Server: Version 2.0.58
Platform: SunOS 5.10 Generic_127111-03
Our application is in the form of a shared library(.so binary) which is loaded into the Apache Web Server by mentioning the following directive in the Apache Web Server's configuration file (httpd.conf).
LoadModule at_module "/var/apache2/logs/sample/sample.so"
where, sample.so is our application's binary
and at_module is the name of the module.
httpd.conf file has been attached for your reference.
Attachments:
httpd.conf - Apache Web Server's configuration file.
sample-apache.cpp - Sample program which is showing the problem.
httpd.h - Apache Software Foundation's file which contains the structure "request_rec" that represents the current request.
Problem summary:
For each request to the Apache Web server, the server maintains a table of type "apr_table_t" which contains the header environment from the request. There is a structure "request_rec" maintained in the httpd.h file:
/** A structure that represents the current request */
struct request_rec {
/** The pool associated with the request */
apr_pool_t *pool;
/** Request method (eg. GET, HEAD, POST, etc.) */
const char *method;
/** MIME header environment from the request */
apr_table_t *headers_in;
In our case, when we try to retrieve the address of "headers_in", we get a NULL Value. Please refer to the attached "sample-apache.cpp" program. In this program, inside the access_checker() method, we try to retrieve the address of "headers_in" and get that as NULL:
extern "C" int access_checker(request_rec *r)
FILE * fp;
fp = fopen("/var/apache2/logs/sample.txt", "a");
fprintf(fp, "\n r->headers_in = %u, r->method = %s", r->headers_in, r->method);
fclose(fp);
return OK;
Here is the output of the sample program after accessing the main page of the Web server:
r->headers_in = 0, r->method = GET
r->headers_in = 0, r->method = GET
r->headers_in = 0, r->method = GET
Though we are able to retrieve one member of the structure request_rec (method), we are not able to retrieve the address of the other member (headers_in).
Observation:
We made an interesting observation that when we used the same sample program with the inbuilt Apache 2.0.52 Web Server on Solaris, we were able to successfully retrieve the address of headers_in. Here are the details of the set-up which is working fine:
Apache Web Server: Version 2.0.52
Platform : SunOS 5.10 Generic_118822-30
Thus, there is something different which has happened between the Sun's Solaris Apache Web Server's versions 2.0.52 and 2.0.58 which is making it unable to retrieve the address of the request headers (headers_in).
I am requesting someone to kindly shed light on this difference and let us know if we need to change the way of retrieving the request headers for Solaris Apache 2.0.58.
Thanks,
Atul.The only way you can achieve it is by running the web server to listen on port 80
Please change the port in your httpd.conf file for the webserver and restart it.
If any other processes are running/using on port 80 on that machine, then please stop them, otherwise you will not be able to achieve your requirement.
Arun -
How do I edit the permissions that Adobe Media Server creates directories with?
OS: CentOS 6.6 AWS-provided AMI found here
I'm using Adobe Media Server 5.0.7.
I have my application set up so that when a user records a video to the server, it goes into its own directory.
If this directory does not exist, it is created automatically by AMS. The problem is that this new directory is created with a permission level that prevents my other app from reading and accessing objects inside of it.
How can I tell AMS to create directories with a permissions level that I specify?I was reading up about nellymoser on Wikipedia (the most reliable source!) and it seems like Adobe has problems with the licensing for nellymoser. They apparently tried to release a standalone converter, but the licence agreement that was inherited with the codec didn't allow it.
So maybe it's just a rock in a hard place situation. Really too bad, if this is the case, that a company can own something but not be able to allow their customers to use it fully.
Maybe you are looking for
-
Problems using mathml XML Schema in XMLDB
I have successfully loaded the hierarchy of XML Schema definition documents for the current 'mathml' by adjusting the relative paths in all include and import statements, and by forcing the load to overcome cyclic dependency issues. However when I tr
-
How do I get the volume on my ipod classic to the same level for all songs? Some songs are a lot lower than others.
-
I have an unknown shared server in Finder. What is it and how can I get rid of it?
Hi, I just noticed there is a shared server/ network listed in Finder, but I do not recognise it and cannot connect to it. Could anybody tell me what it is and how I can remove it? Thanks! This is what it looks like:
-
Cost center change in the Asset master record
Hi When ever cost center changed in the Asset master record, can it possible what ever the dep that is posted to previous cost center,that will automatically transfers to the new cost center,is there any programme for this,i can use repost functional
-
Where can i find the wall amount for 610 1201
where can i find the wall amount for 610 1201 This question was solved. View Solution.