Software :: Kerberos Credentials Aren't Forwarded After SSH?
Feb 15, 2010
I have configured 'passwordless' SSH between our machines using GSSAPI authentication which is all working beautifully (Active Directory KDC).I now want to make sure that the user's kerberos crednetials are forwarded as well using the 'GSSAPIDelegateCredentials yes' on the SSH client.However, it seems as though the openssh server on Red Hat 4.8 has not been compiled to support this, because if I run sshd in debug mode, I see the client 'delegating credentials' but nothing appears in the debug log on the server to suggest the the credentials have been received, and sure enough a quick 'klist' shows that the user does not have any tickets.So two questions:1. Am I right about openssh-server on Red Hat Enterprise 4.8 not supporting delegated credentials
View 4 Replies
ADVERTISEMENT
Aug 23, 2011
I can't forward my kerberos credentials to a computing resource before connecting to the resource for which I have kerberos credentials. In other words, from my machine at work I obtain my ticket with kinit -f to a computing facility off in some lab somewhere.
Then, I want to ssh to another machine in another department (I don't have control over the krb5.conf file or this would have been easy) where I work. It is on this machine I want to be able to ssh,scp, etc to this far off lab. I've tried several options around this barrier, but I'm a total failure thus far. I checked that GSSAPIAuthentication is set to yes.
[Code]...
View 2 Replies
View Related
Mar 23, 2011
One inconvenience I face now, though, is that I cannot tell if I have already forwarded certain messages or not, because the message is not automatically tagged as forwarded. how to set it up, so it would indicate in the list that the message has been forwarded?
View 2 Replies
View Related
Jan 20, 2011
I've managed to set things up to the point where I can start xclock with the putty ssh terminal and have it show up as a window on my windows client rendered by x-deep32 x-server emulator. I've tried issuing the command "kdm start" but no window with a window manager pops up.
How do I get this to work so that I can control my remote ArchLinux machine through my windows client with KDE window manager?
View 6 Replies
View Related
Jul 5, 2011
I use a Mac, but do all my development on a remote Linux machine which I access over SSH. Recently I've started using X forwarding to show some of the remote machine's graphical applications in windows on the Mac desktop. For the most part, this works really well - except that the applications look terrible: huge fonts, ugly widgets. Being the Mac-using perfectionist I am, I want to try and improve the look of these windows. Is there any way of using alternative widgets in an X-forwarded application? What would I need to install on the Mac, or on the remote machine?
View 1 Replies
View Related
Dec 5, 2010
I cant get my ubuntu machine to forward my vnc - I cant log on my windows machine running the server (it is DMZ and its ip is 192.168.1.2)Here is my firewall dump? What am I doing wrong? The important parts are connection sharing and forward allowance..
Code:
#!/bin/bash
ipt=/sbin/iptables
[code]....
View 1 Replies
View Related
Apr 19, 2011
We are forwarding logs (perl script executed logs) to one Red Hat Linux box. We have to get 97 logs for each time the script runs. But we see inconsistent number of logs coming to Linux box. Like one time we got 56, other time 3 , other time 43.. like this.. We are sure that 97 logs are being forwarded. Checked the Rsyslog.config filer any filters and couldn't see any filter dropping them. When we run the tcpdump, we can see 97 connections, but logs are not there in specified location.
View 1 Replies
View Related
Mar 22, 2011
I'm ssh X11 forwarding xconsole to a Fedora 14 desktop. The font in xconsole is very large. I'd like to reduce it, but can find no means to do so. I looked at the XConsole resources file and there's no way to set a font type, or size. Man page for xconsole also has nothing in this regard. Changing the desktops DPI doesn't have the desired effect either.
I've been doing this X11 forward for years, and this is the first time I ever get a too large font in xconsole. Is there some other configuration or resource I'm missing?
View 2 Replies
View Related
Feb 28, 2010
I'm trying to setup my debian system so that I can access it's services from the internet
I have my router set to forward ports 21, 22, and 80 to the internal ip of the server, and internet port checking tools tell me the ports are open at my external ip.
On the debian I am running Apache, ProFTPD, and SSH Server, and they all work fine for me inside the network, but whenever I try connecting with my external ip, all connections are immediately refused.
So I don't know if its a problem with my router setup, with my debian system setup, or the setups of the servers.
View 4 Replies
View Related
Jul 20, 2010
I am running Fedora Core 8 as my mail and proxy server. My mail works properly for all users, but the problem I'm having is that when I create an alias for user's email to be forwarded to their gmail, the ISP bounces the mail. My ISP has given me an open relay to send mail.Is there somewhere in sendmail that I could put the user name and password of the ISP, so that the ISP will not bounce the forwarded mail. Or is there something that I'm missing?
View 1 Replies
View Related
Feb 15, 2011
I'm using madwifi linux driver (ath1) in monitor mode to capture some wireless traffic. I can see that all wireless traffic is coming well through the wireless interface (checked using TCPDUMP). What I want to know is how I can forward the captured wireless packets to a different Ethernet interface (e.g. eth2) in the same machine to send those captured packet out to a different computer.
I set 1 for /proc/sys/net/ipv4/ip_forward
for iptables, I tried this rule: iptables -A FORWARD -i ath1 -o eth2 -j ACCEPT
However, I coudn't read any packet from eth2 via TCPDUMP.
View 11 Replies
View Related
Feb 18, 2011
the apche2.conf and vhost file I gave the link are the machine on LAN when site is actually hosted.When some one from internet access the site then I expect a log of IP in access.log instead of which I see the IP of machine which is working as Reverse Proxy server for all such requests.What mistake did I do above.
View 4 Replies
View Related
Jul 8, 2010
Mail going to invalid email addresses are being forwarded to postmaster@domain instead of being bounced. How can I fix this? postconf -d | grep mail_version gives the following: mail_version = 2.2.5
View 4 Replies
View Related
Jun 6, 2011
I have my own internal bind9 server, for my local domain, and I forward internal requests for public domains to OpenDNS servers. This server is not in a DMZ, but is instead behind an dynamic NAT. I do not accept queries from the public network, only responses. I understand that DNS is primarilly a UDP protocol, so it can't pass through a stateful/nat. without a firewall allow.
I've done a little reading and learned that bind9 does not run 53 <-> 53 anymore (is now >1024 <-> 53), and modified my config so it works like bind4 did, but I am concerned that this makes me less secure. additionally, I'd really rather not have a completely open 53 rule, but it seems that if I constrain 53 traffic to my known forwarders, it interfers with some of my network services like transmission. so, what firewall rules would you guys recommend for recieving forwarded DNS query responses to my server?
View 1 Replies
View Related
Apr 25, 2010
I managed to get my hylafax server nice and going, I also setup up AvantFax and Faxy to reach it from the web..What I still want to do it to send a mail from my blackberry device with a JPEG attachment, and have it forwarded as a FAX to the recipient fax machine...
I read and saw a few documentation here and there, but it is very confusing for me...
courier-faxmail seemed nice, but it conflicts with Hylafax..
Hylafax help support is unclear to me...
I'm not sure jpg attachments from blackberry are "standard" jpg, and, I have no idea how to forward this as a fax...
For what I understood, I need to have a running mail agent on my server, and a script to forward this to hylafax..
View 2 Replies
View Related
Jun 19, 2011
I host a number of sites and recently migrated to a new server (both old and new are running Ubuntu 10.04 [I only upgrade my web server when there is a new LTS release]). After the migration, Wordpress is asking for ftp credentials to update plugins, which it never used to do. I'm certain this is user/group/permissions related, but because of the new setup, I'm not sure what these should be set to.
On the previous server, each site was a subdirectory of /var/www/ and everything was owned by www-data. This wasn't the best setup, since it meant my users didn't have direct access to their own sites. In the new setup, each page I host is in /home/username/www/. Consequently, all the files are owned by 'username'.
My guess is that Wordpress' request for ftp credentials stems from a conflict between the apache2 user and the usernames that own the sites. Is this accurate? If so, how do I rectify this?
View 4 Replies
View Related
Nov 17, 2010
I did a port scan on my server from outside my network and saw that port 10080 AMANDA is open.Amanda isn't installed on any of my computers or my server and the port is not forwarded by my modem or router. So why is this port open and how can I close it?
View 6 Replies
View Related
May 10, 2011
I have just installed openldap on my Red Hat server and it is running:
[code]...
However when I try to add my first ldif file base.ldif, no matter how many time I enter in the correct password I get invalid credentials [root@server init.d]# ldapadd -D "cn=Manager,dc=mathcs.duq,dc=edu" -W -f /home/oberlanderm/base.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49) I have to be forgetting someting simple,
[code]....
View 8 Replies
View Related
Oct 12, 2010
I have some important cgi files run on top of Apache inside cgi-bin directory.My requirement is to once user try to access the cgi file authenticate using Active Directory username/password. If user enter the correct domain credentials only user aloow access to the page in any time user trying to access otherwise not. I configured this using htaccess and htpasswd.But in this case I need to manually configure username/password for htpasswd file. Instead of this I want to authenticate with the Active Directory.
View 1 Replies
View Related
May 2, 2011
I have installed a Samba Server (Ubuntu 10.10 Server) detailed config below. The server is up and running but clients running windows 7 cannot connect as their credentials are not accepted. The pop window for credentials keep coming back up on the clients and no connection is issued. I have tried to change the policies on windows 7 as such:
Network security: LAN Manager authentication level Send LM & NTLM responses
Minimum session security for NTLM SSP
Disable Require 128-bit encryption
But to no avail. I am in doubt as far as where the issue is coming from. Meaning is it coming from my Samba conf or something in Windows I am not doing right.
[global]
server string = %h server (Samba, Ubuntu)
interfaces = 192.168.178.0/24, eth0
bind interfaces only = Yes
[code]....
View 6 Replies
View Related
Sep 9, 2010
I have configured SquirrelMail on my RHEL 5.4 machine for learning purpose and I am stucked at the final step. I am following this doc.
After configuring, I have browsed to [URL] Here, server.red.com is the hostname of my server.
This page is asking Name and Password from me, but I haven't given any credentials while configuring it.
Are there any default credentials ? Or may be I need to change my config files or something ?
View 14 Replies
View Related
Sep 6, 2010
I've got an asp page (I can't edit) which I can access with a test user I've setup, however when I try to access to same page via curl, I get the following error:
Code:
<h1> You are not authorized to view this page </h1>
The URL you attempted to reach has an ISAPI or CGI application installed that verifies user credentials before proceeding. This application cannot verify your credentials. There's lots of other text (doubt it's relevant though).
Here's the one liner I'm using:
Code:
curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -u myusername:mypassword [URL]
I've done some searching but cant find anything which doesn't suggest rewriting the asp...
View 1 Replies
View Related
Jan 18, 2010
Is there a way to embed the user password in the following code?
Code:
rsync -r -n --progress --delete -u -l -e ssh 192.168.1.9:/Volumes/1TB_Internal/Music "/media/Storage/Libraries/My Music"
[code]...
View 4 Replies
View Related
May 18, 2010
I'm trying to set up an OpenLDAP server on a clean install of 10.04 server (AMD64). Following the server guide [URL] I get down to the "Setting up ACL" step:
$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W oldDatabase=hdb oldAccess
This command fails with "ldap_bind: Invalid credentials (49)"
When I replace the dn with what it seems like it should be:
$ ldapsearch -xLLL -b cn=config -D cn=admin,dc=example,dc=com -W oldDatabase=hdb oldAccess
I get "No such object (32)"
I have a feeling this is because 10.04 no longer asks you for the admin username and password during the initial debconf (nor does dpkg-reconfigure).
I can continue through the guide using this form of the commands (which were used earlier in the Guide):
$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=hdb olcAccess
But I'm a little concerned that I'm not able to properly use the admin user to make LDAP changes to the configuration. It also seems like the Server Guide ought to use the 'sudo ... -Y EXTERNAL' form of the commands throughout if cn=admin,cn=config isn't going to work.
View 5 Replies
View Related
Sep 2, 2010
I'm using SAMBA as a file server on a Ubuntu Server 10.04 32-bit. I'm using a 10.6.4 Mac client and a Windows 7 client. I created shortcuts on the client machines to point to the shared folders with embedded credentials ("Remember password" is ticked), but the problem is that whenever the Windows user logs off, the credentials are forgotten and the user needs to re-enter them. This problem does not occur on the Mac client.
Code:
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
[code].....
View 6 Replies
View Related
Oct 26, 2010
I just wanted to checkout samba. So, I installed on a CentOS 5.5 64bit server. The version I used is 3.5.6. I followed this guide. [URL]. LDAP is working good. When I use the following command: (net groupmap list) I am getting the error.
Code: [root@server1 samba]# net groupmap list
[2010/10/26 16:26:09.135901, 0] lib/smbldap.c:1151(smbldap_connect_system)
failed to bind to server ldap://127.0.0.1 / with dn="cn=root,dc=mtm,dc=testdomain,dc=com" Error: Invalid credentials
[2010/10/26 16:26:39.180063, 0] passdb/pdb_ldap.c:3448(ldapsam_setsamgrent)
ldapsam_setsamgrent: LDAP search failed: Time limit exceeded
[2010/10/26 16:26:39.180109, 0] passdb/pdb_ldap.c:3523(ldapsam_enum_group_mapping)
ldapsam_enum_group_mapping: Unable to open passdb I am sure that I have set the correct password in Code: smbpassword -w mypassword.
Also, I can login to the LDAP thourgh PHPLDAPAdmin with the same password and the bind cn.
Here is my smb.conf Code: # Global parameters
[global]
ldap ssl = off
nt acl support = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
workgroup = TESTDOMAIN
netbios name = SERVER1
security = user
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *
New password*" %n
"*Retype new password*" %n
"
log level = 10
syslog = 0
log file = /var/log/samba/log.%U
max log size = 50
time server = Yes
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,dc=mtm,dc=testdomain,dc=c om
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=c om
ldap suffix = dc=mtm,dc=testdomain,dc=c om
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# printers configuration
#printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
#nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
[printers]
comment = Network Printers
#printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
# queueresume command = /usr/sbin/lpc -U%U@%M start %p
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
path = /tmp
guest ok = yes
browseable = Yes
writable = yes
View 2 Replies
View Related
Feb 6, 2010
This is my first post so quite fitting it should a pretty stupid question. I have a CentOS server to which I have installed mysql/apache/vsftpd/php5 and wordpress. I can ftp in using the ftp account (i changed the password) but it cannot create directories/files. Im trying to change the wordpress theme for which it askes for FTP credentials and when I put them in i get this error Could not create directory /var/www/html/wordpress/wp-content/upgrade/midnight-blue.tmp
I am guessing this is either a permissions problem on the user side or a directory permissions/ownership issue, but i have no clue where to start on this.
View 2 Replies
View Related
Dec 3, 2010
M trying to install sendmail server on rhel6.i am having problem in setting up openldap.
following is slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include/etc/openldap/schema/corba.schema
include/etc/openldap/schema/core.schema
code....
but if i try to change ldap password it gives
ldap_bind: Invalid credentials (49) error
i was successfully able to restore my ldif file from old rhel 5.3 server on to rhel 6
View 14 Replies
View Related
Feb 5, 2009
I want to read the user username and password available in a password file. I want the password to be stored in a user home directory and my perl script should read , whenever needed from that file. Am not a Perl programmer and I want to set this for admin related activities. In what syntax I need to write the password file and How to call them using the perl script.
View 3 Replies
View Related
Mar 31, 2015
I've recently been tasked with setting up a couple linux servers and have run into an oddity. Using the default install for Wheezy to set up a basic LAMP stack, I have noticed after joining the computer to my windows AD domain, the Add/Remove Software application no longer prompts me for authentication and will not remove or add applications. I installed samba, winbind, and krb5 using apt-get from the root console following the procedure listed here. [URL] ....
View 2 Replies
View Related
