Is there any way to provide different methods of authentication on a apache directory (used for webDAV). I need it to use htpasswd and winbind, can't find any guides on implementing them both. Basically domain users need to be able to access the webdav and other users (who will be provided with a username and password NOT on the domain).
View 1 RepliesI just went through a painful upgrade from 8.04 to 10 LTS. I've made a lot of progress but am still having email problems. Dovecot seems to not be able to run, the log is continually reporting:
Aug 22 23:47:34 amd64 postfix/smtpd[22298]: fatal: no SASL authentication mechanisms
Here's this section of dovecot.conf:
auth default {
mechanisms = plain login
passdb pam {
}
[Code]....
What security mechanisms are used by recent versions of the Linux operating system during user authentication?
View 3 Replies View RelatedI just installed a net-install of debian 5.0.6. with no GUI and Apache http d. Does anyone know where I can find or how to do a basic Authentication on my web server (user-name and password) I found some stuff but they include .HTpass (of Apache) etc etc, but I can't find them anywhere
View 1 Replies View RelatedI have an old Apache version (1.3.11) and an old Redhat release (2.1.12-20 - Cartman)and need to authenticate a Windows 2003 domain. The authentication to an NT domain already works as expected (see below) but unfortunately I am unable to find the correct LDAP module for V1.3.11 to allow authentication.
From what I have read the LDAP module needs to be compiled with Apache but I am really not sure. Unfortunately I am unable to upgrade to Apache2 when I could presumibly use the authnz_ldap_module but if someone could point me to the correct LDAP module for 1.3.11 it .
Ive installed openldap-1.2.9-6 and openldap-devel-1.2.9-6 but don't particulary want to go down configuring LDAP when hopefully I can simply add the LDAP module to Apache which was not compiled in Apache initially.
Also, do I need to specifiy the AD domain password in the directives or can the Windows lads just create any account I can use.
I have an issue with Apache2 and ldap authentication. Here are the specs:
Linux 2.6.32-24-generic i686 GNU/Linux Ubuntu 10.04.1 LTS
Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch configured
I have installed our site onto a newer server as we were previously running SLES 9.3. The site has installed correctly, however, It seems to be serving the pages a hell of a lot slower than SLES (eventhough the specs etc are much improved). The main problem seems to be with Ldap - sometimes taking 2 or 3 minutes before authenticating/serving the user - and sometimes one minute it works, another minute it doesn't! We know it's a problem specific to this Ubuntu machine, as the older server has no issues with ldap whatsoever. Also, sometimes the ldap authentication fails all together with a timeout, resulting in a 500 status code. I'm not sure whether this a problem with the apache config, the network settings or the server setup. We know ldap itself is fine.
Here's the /etc/apache2/sites-available/default config for ldap. Are these directives correct? (I know a lot of changes were made between apache2 and apache2.2 that may affect this config):
Code:
ScriptAlias /home/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin/">
AuthType Basic
AuthzLDAPAuthoritative On
AuthBasicProvider ldap
AuthName "Active Directory Authentication Required."
AuthLDAPURL "ldap://x.x.x.x:3268/DC=xxxxxx,DC=com?userPrincipalName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "xxxxx@xxxx.com" AuthLDAPBindPassword xxxxxxxx
require valid-user Options +ExecCGI -Includes AllowOverride None
</Directory>
Here's some examples of some of the log messages we have been receiving:
1. This one occurs upto ten times in a row when the client is being authenticated:
Code:
[Thu Nov 04 12:47:19 2010] [debug] mod_authnz_ldap.c(377): [client x.x.x.x] [2892] auth_ldap authenticate: using URL ldap://x.x.x.x:3268/DC=xxxxxxx,DC=com?userPrincipalName?sub?(objectClass=*), referer: http://x.x.x.x/home/page
2. This is output when the authentication works:
Code:
[debug] mod_authnz_ldap.c(474): [client x.x.x.x] [2734] auth_ldap authenticate: accepting xxxxx@xxxx.xxxxx.com, referer: http://x.x.x.x/home/page
3. And this one is always output after the error above. This one is more interesting. What does this mean exactly? And why does it say 'declining to authorise' directly after saying 'accepting user@domain.com'? Surely this makes no sense:
Code:
[debug] mod_authnz_ldap.c(546): [client x.x.x.x] [2939] auth_ldap authorise: declining to authorise (no ldap requirements), referer: http://x.x.x.x/home/page
4. This one is output when the authentication attempt times out (after 10 outputs of error number 1):
Code:
[warn] [client x.x.x.x] [3165] auth_ldap authenticate: user xxxx@xxx.xxxxx.com authentication failed; URI /home/page [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer: http://x.x.x.x/home/page
I have tomcat installed with port forwarding to http port 80. I configure ldap authentication for apache2(/var/www). But I could not configure tomcat for ldap authentication.
View 1 Replies View RelatedI am trying o configure phpLDAPadmin on OEL 5 with apache 2.2.14 ,php 5.13 and phpLDAPadmin 1.2.0.4
apache directory = /apache
php directory = /apache/php/
phpLDAPadmin directory = /var/www/phpLDAPadmin 1.2.0.4
I am following the way given in the website : [URL]... but after configuring when i am trying to connect to the site [URL]... Authentication Fails and I am not able to log in with my LDAP user "Manager" I am using openldap version 2.4.21
I was trying to setup SSL Client authentication on only one virtual host. Here is a brief excerpt sample of my conf file for the virtual host:
<VirtualHost xx.xx.xx.xx:443>
SSLRequire %{SSL_CLIENT_S_DN_O} eq "something"
SSLVerifyClient require
SSLVerifyDepth 2
</VirtualHost>
But when I try to check for syntax errors tells me SSLRequire not allowed here I do not want to add SSLRequire on the main httpd.conf because I only want it for one virtual host. The rest of the virtual hosts do not need it.
I am trying to set up Apache and Webmin so that I can access Webmin by going to [URL]. I am using the direction at [URL] under the "Webmin In A Sub-Directory Via A Proxy" section. I had this setup working before, but I think an update of either Webmin or Apache broke it. Now, I can go the the webpage and I see the login screen. However, when I try to log in, I get an error.
Quote:
Error - No cookies
Your browser does not support cookies, which are required for this web server to work in session authentication mode I have tried adding the ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath directives to my virtual host config file, but it still doesn't work.
Quote:
# webmin
ProxyPass /webmin/ http://localhost:10000/
ProxyPassReverse /webmin/ http://localhost:10000/
[code].....
I've enabled LDAP authentication on my 2.2.15 Apache server, but now pages load very slowly. As in, 1.515s with it enabled, and 187.4ms without (just the base page, numbers collected via Firebug). Here's my LDAP config (other directives snipped) -
Code:
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LDAPSharedCacheSize 500000
LDAPCacheEntries 2048
LDAPCacheTTL 3600
LDAPOpCacheEntries 2048
LDAPOpCacheTTL 3600 LDAPTrustedGlobalCert CA_DER ssl/ldapserver.der
<Directory "/example">
AuthType Basic
AuthBasicProvider ldap
AuthName "intranet credentials"
AuthLDAPURL "ldaps://ldap.example.com/ou=ldap,o=example.com?mail"
Require ldap-group cn=example,grp,ou=memberlist,ou=groups,o=example.com
How can I speed this up, or at least determine why it's so slow?
Im using opennms network configuration backup server called 'RANCID'.It run on top of RHEL5 system and using APache. Here's the link which i'm accessing [URL] But any one can access this URL and obtain my configuration files
I want to secure this using a logon page.allow login Only for the successful authentications by entering the predefined username and password But after get authenticate book marking the above URL still can access anyone since it didnt prompt username and password again In eachtime executing the above url it should direct to authenticate page
I'd like to burn DVD (my pictures and some data) with a possible strong protection mechanismus, to prevent of DVD media copying and not pictures data copying. Which program can I use under Linux?
View 10 Replies View Relatedi have been following the guide below to setting up mail on Debian. All has gone so far ok, until I get to the part where you have to paste the following into the dovecot.conf file. If i try to restart dove cant it say it doesn't understand or cant recognize the line about mechanisms but i have checked this out word for word and it matches the guide so whats going on. The site it got the guide from is below.
[Code]...
Howto find out protection mechanisms from the protected CD or DVD media?
View 6 Replies View RelatedI am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I have CentOS 5 configured with apache web server. but it is not asking for password authentication while accessing the web page. the config detail is as below code...
View 15 Replies View RelatedI want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .
View 1 Replies View RelatedOn Ubuntu server 10.10, with a relay smtp server with authentication via postfix; I keep getting 535: Incorrect authentication data. I'm sure my username and password is correct. Heres how I set up postfix: I created a file called smarthosts.conf in my /etc/postfix/ directory that contains the following:
[Code].....
my server uses plain text authentication on port 25. I would like to use security like SSL, but this particular server is unsecured.
If I am running a script, let's say a install script. Is there a way to make Su repeat authentication rather then just returning "Authentication failed" and continuing the script?
View 3 Replies View RelatedI need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).
I was also looking at Kerberos as an option though there is alot overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.
I have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry"
But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
I have a network and am using squid proxy with authentication I want to create another subnet without authentication.
View 1 Replies View RelatedAny one have an idea How to clear apache cache without restarting apache server.
View 5 Replies View RelatedI am upgrading my server and I have a lot of sites. Since I cannot take my server down for a few days, maybe a week until I manage to migrate all the sites to the new machine, I figured I could migrate them one by one. After migrating one, I would somehow tunnel the requests of that name virtual host to my internal machine. When everything is migrated, I would then switch the machines, update ip's and stuff and everything will work just fine.
However I cannot seem to find a way to do this tunneling. is this at all possible? If not, what alternatives do I have?
I am installing Big Brother on a CentOS 5.2 running the default Apache 2.2.3. When I try to access any web page I get the following error: Forbidden You don't have permission to access /bb/ on this server. Apache/2.2.3 (CentOS) Server at fmsubbnix Port 80 So far I have:
1) Set the Directory options to FollowSymLinks
2) Verified all directory and file permissions are at 755
3) Set permissions temporarily to 777 and received same error so I am assuming the issue is in a config file somewhere
4) in hhtpd.conf verified <Files ~ "^.ht"> is correct
5) verified the "default" directory is correct (/var/www/html)
I have read and tried several ideas in posts listed on the web but to no avail and am at a loss as to what to look for next..
I am trying to solve a problem where Apache stats aren't displaying correctly in Munin. I've ran through quite a bit of checks and tests regarding Munin setup, but I think my issue is related to Apache, but my skill set there is lacking.
first, system info:
monitored server:
CentOS 5.3 2.6.18-128.1.1.el5
[code]....
I want to run a linux command with apache through web browser and that's is not working. and it's working properly when I execute this command through terminal, where is the problem?
NOTE: apache have the privileges to execute the command
Here is the scenario that I�m facing.I have setup a RHEL5 machine with smb, winbind and krb with ads as the security model. Joined the RHEL machine to the domain.I�m able to see users on the active directory and also able to log-in using SSH which automatically creates a home directory for me (using oddjobd).Two things that I�m trying to achieve are:1.Only users from a certain group on the AD should be allowed to ssh into the RHEL machine.2.Once they ssh in, they should not be able to go to any other directory other than their
View 2 Replies View RelatedI want to set up NIS server. and using NIS wants to authenticate AD (Active Directory ) Users.
e.g 1) how to give rights for windows user using NIS.
2) how to manage windows user on Nis Serrver
3) if password change in windows server that should reflect in NIS Server
provide steps of Setting up NIS server.