I'm testing owncloud. It is very nice system. I have to test authentication with ftp server with plugin "External user support". When I enable it in web admin panel nothing is happening. I don't know where to set up things that will enable authorization with my ftp server.
Depending on which version of ownCloud you are using, see either
http://doc.owncloud.org/server/5.0/admin_manual/configuration/custom_user_backend.html
or
http://doc.owncloud.org/server/4.5/admin_manual/custom_user_backend.html
Related
For our FTP server, my company has installed FileZilla Server version 0.9.41 beta. The server is working well and we're pleased with it. My question involves account management - FileZilla Server includes an easy-to-use UI for managing user accounts, but I would prefer to handle user accounts with the rest of our customer info, like logins for the company website, notes of the last support issue, and so on. I don't see a way to configure FileZilla Server to accept a different account manager. Is there a plugin architecture that I can code against, or better, modules that I can install that would give me the flexibility I'm looking for? Ideally, I'd be able to configure FileZilla Server with a SQL connection string and CRUD queries, and then manage the account store myself.
There is a XML file called "FileZilla Server.xml" in your program directory. In this file you can edit all relevant options regarding settings and user management of the server.
Don't forget to reload the config with "/reload-config" afterwards.
I have deployed an MVC 3 website on IIS of my Windows Server 2003 edition. I have set the authentication to Basic, Integrated, and Windows in order to enable site to use Windows authentication, and automatically log in into website if the user has launched the site from the same domain. If user access the site from another domain, it should prompt the Windows credentials and should allow user to log in.
However the problem is that, user is presented with Windows login prompt every time (irrespective to same or different domain), and also when user provides valid credentials it doesn't allow user to access the site.
What could be the problem here? Or, can anyone provide me proper guide to configure IIS to use Windows Authentication while deployed on Windows Server 2003?
What is the version of IIS you are using ? Could you try to force NTLM authentication and see whether it will change anything ? Followin technet article will tell you how to change to NTML http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7258232a-5e16-4a83-b76e-11e07c3f2615.mspx?mfr=true. Please backup the server/iis configs before attempting any modifications to the metabase
I have setup a secure(Kerberos) Oozie environment in CentOS 6.3 using CDH 4.1.2. I am able to view the Oozie web console from CentOS machine which is hosted in server. But is there a way to view the webconsole from my local Windows machine.
I have tried creating a HTTP principal with my windows machine as hostname. I am able to get a valid ticket for HTTP principal. But when I open the Oozie Web Console, I get the following error
org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
Am I missing something. Help me guys.
Thanks,
Vishnu Ganth
This error occurs because your browser sends request for NTLM authentication instead of kerberos.
In internet explorer follow below steps,
go to Internet Options
In security tab, select Local intranet.
Click Custom Level in the below, Make sure Automatic logon only in intranet zone under the User Authentication section.
In the Internet Options, select Advanced tab and make sure enable Integrated Windows Authentication selected under security section.
Once the above steps done, it will work on both internet explorer and google chrome.
If you are accesing it from the Cross realm, your widows-based clients should know the KDC location to create proper SPNEGO token. You need either create a separate policy in your AD for that type of users or you can manually from command line add mappings in client machine's registeries so that they would know about your Hadoop realm KDC:
ksetup /addkdc HADOOP.DOMAIN.COM hadoop.nodewithkdc.com
ksetup /addhosttorealmmap hadoop.nodewithkdc.com HADOOP.DOMAIN.COM
I heard that on Windows you can login from a web browser to the web server without going through the usual login entering username and password but using instead the credentials from Windows directly, using the NTLM protocol.
How is this achieved? Does the web server need to support some additional authentication?
Update: I'm asking for a generic web server, not just IIS. How to do that on Apache for instance?
The webserver just needs to be configured to support Windows authentication (which will be NTLM, or - better - Kerberos if both client and server are W2K or later). I believe that IIS or Apache can be configured to do that.
The browser also has to support this - at least IE does so (not sure about the others, it may be possible). edit: looks like firefox has some support for this too, and safari on MacOS
edit: for details on apache, google modules for NTLM authentication. Kerberos modules also exist. as per other answers, this really only works on an Intranet - not just because the browser needs to be in an Intranet zone (only applies to IE), but because any intervening firewall will typically stop this working, and because the necessary interdomain trusts will probably not exist. It's also a bit trickier to make work if the apache server is on UNIX, and especially if you also have Kerberos servers on UNIX in the mix, but still possible.
It will only be seamless in a specific situation; namely the webserver needs to support NTLM (for example, IIS), and it needs to be in a zone that the client is configured to trust (The "Intranet Zone" in IE parlance, unless the end user has tweaked their settings)
If your webserver and client pc's are on a network secured by Active Directory or similar, you can set 'Windows Integrated Security' in IIS on the web server for the website which automatically logs in all I.E clients (That are allowed).
As stated previously, NTLM is typically used if your back end is Windows Managed (MS Active Directory). However, there are also modules available for Apache that will tie into this: mod_ntlm.
Since this is it's own protocol, it is required that the browser is able to understand this protocol and reply to the authentication challenges. I don't know which browsers support this off hand, but my assumption would be that most do.
From my experience, kerberos is more of a prefered method, but I have not worked with it much, so unfortunately, I don't have much advise as far as that goes.
On a side note, I recall reading somewhere that the JRE also has ways of tying into NTLM on your web server in order to obtain identity information for the authenticated user. As stated previously, .NET has support for this as well.
Also, Firefox does not support NTLM by default but it can be configured using the following tut: http://www.crossedconnections.org/w/?p=89
If you set the IIS settings to require authentication then your users will need to log in to access the page. They then have any rights (if not an interface) to anything on that server that they would if they logged in the normal way (from the console).
Other than this, I am not sure what you are referring to.
Yes this is possible. It is often used in intranet applications where users are. windows uses NTLM or Kerberos to authorize the user against a central service, typically Active Directory on the windows platform. On the .NET platform the current user information can be accessed through the System.Threading.Thread.CurrentPrincipal.Identity instance.
You might also want to look into Jespa. It seems a little bit more straight forward than Kerberos but provides good ntlm sso capabilities.
I was looking for more information about Kerberos (because NTLM, even v2, become deprecated with AD 2008), and I found this article, explaining how make it work with Apache (as you mentionned it).
http://blog.scottlowe.org/2006/08/10/kerberos-based-sso-with-apache/
This question is probably outdated (or at least solved), but if it can help someone ...
I have just installed Windows Server 2003 Standard Edition and therefore IIS6 (comes as standard). I have also install the windows component that enable the administration of IIS from the browser (https://server:8098/). The problem I have is that I have to log-in to this tool but the Server Administrator u/name and p/word does not let me in.
The Windows documentation on this tool (http://support.microsoft.com/kb/324282) says "You are prompted for a user name and password that exist on the Web Server" but none of the standard user acounts on the server let me in.
Thanks,
Here are a couple ideas:
Take a look at the security log on the server for clues.
Look at the "Directory Security" tab on the properties of the admin site and ensure "Enable anonymous access" is unchecked. You will need to use "Integrated Windows authentication" or "Basic authentication". If you use Basic auth then the password is sent across then network base64 encoded - you will want to use SSL to encrypt it.
Is there a specific requirement to use the web tools? You can download Internet Information Services (IIS) 6.0 Manager for Windows XP from Microsoft and run it from a client.
I'm not so sure now, haven't set up a Win 2003 box in a while but as far as I remember you have to activate remote desktop first and then you can use a RDP client to access the server. I recommend that over the ActiveX RDP client.
Is the server part of a domain? It may be defaulting to a domain username/password combo rather than a local username/password.
Try "server.domain.local\administrator" or "administrator#server.domain.local".
I would check the permissions on that site in IIS - make sure you are using an account that is a member of a group specifically assigned permissions. I understand that the builtin admin account is not working but its possible the site permissions have changed removing that account or group. - hope that makes some sort of sense
This might be unlikely, but are you trying to use a username that has a blank password? Windows restricts remote access when using those accounts.
If that's the case, you can check the Group Policy (gpedit.msc for local computer, or the one for domains if it's in a domain.):
Computer Configuration
Windows Settings
Security Settings
Local Policies
Accounts: Limit local account use of blank passwords to console logon only