Kerberos Ticket From Apache to Tomcat (Windows) - apache

I have a web application on Windows Server 2012 R2.
The application is using Kerberos for SSO.
If I use only Tomcat, everything is working fine.
But if I use an Apache in front of Tomcat, the ticket seems to be wrong.
Instead of the AD user, the server from the web application is logging in.
Is there any configuration in Apache to handle the Kerberos ticket correctly?
If you need any more information, just let me know.

Related

Problem with configuring LDAP Authentication on a Nuxeo server

I'm currently trying to configure LDAP authentication on a Nuxeo server, and for me the documentation is not precise enough.
The Nuxeo server is on CentOS 7 on the local network.
I declared the Nuxeo server on the Windows Server 2019 Active Directory, which makes the bridge to the WAN.
For now, I have just registered the instance and installed nuxeo-web-ui and nuxeo-platform-getting-started.
I'm at this step of the documentation:
https://doc.nuxeo.com/nxdoc/using-a-ldap-directory/
I don't really understand how to map the default userDirectory to my LDAP server.
And where can I find the extension point userManager noted in this link?
https://explorer.nuxeo.com/nuxeo/site/distribution/Nuxeo%20Platform-2021/viewExtensionPoint/org.nuxeo.ecm.platform.usermanager.UserService--userManager
Thank you for your cooperation!

How to authenticate a Windows client with an LDAP server on Linux with a shared home directory

I want to configure an LDAP server on Linux (CentOS is most preferable), I want to authenticate from my Windows client to that LDAP server (on Linux), and I also want the home folder of the Windows user to be stored on the LDAP server (on Linux).
So how can I achieve this setup? Is it possible?
You will need more than an LDAP server, as Windows clients rely on more services than just LDAP.
Look at Samba servers on Linux.

Liferay 7 integration with CAS using LDAP

I'm a newbie to Liferay 7; I want to integrate Liferay 7 with a CAS server using LDAP.
My Liferay version is 7.0.2 GA3, the CAS server version is 3.5.2, and I'm using OpenDJ active directory.
I have installed Liferay on localhost:8080; the CAS server is on one of my server
machines over SSL, and LDAP is on the same server machine.
I have successfully integrated CAS with LDAP, that is, I am able to log in to the CAS server with LDAP users.
After this I configured CAS authentication in Liferay, that is, in Configuration -> Instance Settings -> Authentication, under the CAS tab.
When I try to log in, I'm getting the following URL:
http://localhost:8080/?ticket=ST-36-tP25deAgea9pUfwEcf6V-cas01.example.org
Although the ticket is generated, I'm not able to access the admin panel.
Please help,
Thanks in advance
This happens because there is a handshake error, so when you configure your keystore you must be careful with the CN name, because you must use the domain name, not the IP, and if you don't have DNS you could configure a hosts file, for example /etc/hosts in CentOS.
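As an added example (not from the question or the answer above): a small Python script that checks whether the name a client connects with is actually one the server certificate carries, which is the mismatch the answer describes when the keystore CN holds an IP instead of the domain name. The certificate dicts are constructed in the shape Python's ssl getpeercert() returns; the host names and the address 192.0.2.10 are made up for the example.

```python
import ipaddress
import socket
import ssl

# Constructed examples in the dict shape ssl.SSLSocket.getpeercert() returns.
# A cert whose name is the DNS name the browser is pointed at:
CERT_BY_NAME = {
    "subject": ((("commonName", "cas01.example.org"),),),
    "subjectAltName": (("DNS", "cas01.example.org"),),
}
# A cert generated with the server's IP as CN (the mistake the answer describes):
CERT_BY_IP = {
    "subject": ((("commonName", "192.0.2.10"),),),
}
# A wildcard cert, to show that a wildcard covers exactly one label:
CERT_WILDCARD = {
    "subjectAltName": (("DNS", "*.example.org"),),
}


def cert_names(cert):
    """Return (dns_names, ip_names) the certificate claims.

    RFC 6125: subjectAltName dNSName entries are authoritative; the subject CN
    is only consulted when no DNS SAN exists. An IP written into the CN is not
    an iPAddress SAN, so it never satisfies a connection made to that IP.
    """
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(value)
    if not dns:
        for rdn in cert.get("subject", ()):
            for attr, value in rdn:
                if attr == "commonName":
                    dns.append(value.lower())
    return dns, ips


def _dns_match(pattern, host):
    """One presented identifier against one reference identifier."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.org"
        label = host[: -len(suffix)] if host.endswith(suffix) else None
        return bool(label) and "." not in label  # exactly one extra label
    return pattern == host


def hostname_matches(cert, host):
    """True if a client connecting to `host` would accept `cert`'s name."""
    dns, ips = cert_names(cert)
    try:
        wanted = ipaddress.ip_address(host)
    except ValueError:
        return any(_dns_match(p, host) for p in dns)
    return any(ipaddress.ip_address(i) == wanted for i in ips)


def diagnose(cert, host):
    """Human-readable verdict for a cert/host pair."""
    dns, ips = cert_names(cert)
    verdict = "OK" if hostname_matches(cert, host) else "MISMATCH"
    return f"{verdict}: connected to {host!r}, certificate is valid for DNS={dns} IP={ips}"


def probe(host, port=443, cafile=None, timeout=5.0):
    """Connect with full verification and report what the TLS client decides.

    cafile: PEM of the CAS server's self-signed cert or its issuing CA (for a
    Java keystore: keytool -exportcert -rfc), so that trust passes and only the
    name check can fail. Returns (True, peer_cert_dict) or (False, error_text).
    Not exercised here because it needs a live server.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.getpeercert()
    except ssl.SSLCertVerificationError as err:
        return False, f"{host}:{port} {err.verify_message}"


if __name__ == "__main__":
    print(diagnose(CERT_BY_NAME, "cas01.example.org"))
    print(diagnose(CERT_BY_IP, "cas01.example.org"))
    print(diagnose(CERT_BY_IP, "192.0.2.10"))
```

The last two lines of the demo are the failing configuration from the answer: a CN holding an IP matches neither the domain name nor the IP under proper validation. Adding cas01.example.org to /etc/hosts on the Liferay machine makes the client connect by name, so probe("cas01.example.org", 8443, cafile="cas.pem") is the check to run once the keystore has been regenerated with that CN.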

Configure Remote Access on Windows 2012 Server without IIS

I am running through the procedure to create a Windows 2012 Server, and I need Remote Access enabled. However, when I run through the installation process, it tells me I need to install IIS. Well, I don't want IIS because I will have an Apache server running, but I have no choice. In Windows Server 2008 there was no need to install IIS when configuring Remote Access (which used to be a part of Network Policy and Access Services).
What can I do if I need Remote Access, need Apache, and don't want IIS?
To solve this I simply deleted the default website created with IIS, restarted Apache, and it works fine.

DirectAccess 2012 R2 connection failing for Win8 with certificates

We're working on an implementation of DirectAccess using Windows Server 2012 R2.
The DA server is a single NIC behind the firewall with TCP/443 forwarded for IPHTTPS.
During the initial testing/setup, we set it up strictly for Windows 8.1 clients, using the username/password (computer account) to authenticate. Everything worked beautifully.
Wanting to extend the testing to Windows 7 clients, we configured DA to use certificates for authentication. We have an internal PKI infrastructure that has worked properly for everything else we've needed it for during the last 2 years.
Windows 7 clients, with the DirectAccess Connectivity Assistant, connect and work beautifully. However, Windows 8.1 clients cannot.
We've checked the certificates and all seems good. Using the DirectAccess Troubleshooter, we see that it connects successfully to the DA IPHTTPS URL, however it can't access any internal resources. We can ping the internal DCE addresses x:y:z::1 & x:y:z::2 that it is my understanding are the DA server inside our network.
Are there any additional tools for troubleshooting this? Can anyone point me in the right direction to determine why only Win8 clients won't connect with certificates?
The initial getting started wizard in DA allows Windows 8 / 8.1 to connect using Kerberos Proxy (no certs). A full blown install using PKI mandates that all clients use certificates. Deploy the Computer certs to the Windows 8 / 8.1 and you will be fine.
Reference - http://technet.microsoft.com/en-gb/windows/dn197886.aspx
How does DirectAccess in Windows 8 and Windows Server 2012 simplify deployment?
In earlier versions of Windows Server, a PKI was required to deploy DirectAccess. DirectAccess used the PKI for server and client certificate-based authentication. Now Windows 8 sends client authentication requests by using a Kerberos proxy service running on the DirectAccess server. The Kerberos proxy service sends requests to domain controllers on behalf of the client. As a result, for simple deployments a PKI is not required to deploy DirectAccess, and IT administrator can use the Getting Started Wizard to configure DirectAccess in a few easy steps. For more complex deployment scenarios, PKI is still required.
It would help if you could present some graphical representations of your problem, because otherwise every response to your question would only be an assumption.
Troubleshoot as follows:
1. Check to make sure the Windows client is an Enterprise edition.
2. If point 1 above is true, run the 'get-DaConnectionstatus' command in PowerShell to see if the client can determine its location; otherwise, get a Windows Enterprise edition.
3. If both points 1 and 2 are true, then check to make sure your group policies are well configured. Remember to separate the security groups for Windows 7 and Windows 8 clients.
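As an added example, not posted by either answerer: the three checks above run as one PowerShell script on the failing Windows 8.1 client, with the machine-certificate check from the first answer folded in. It assumes a domain-joined Windows 8.1 Enterprise client with the DirectAccessClientComponents, NetworkTransition and DnsClient modules that ship with it; 'dc01.corp.example' is a placeholder for an internal host behind the DA server.

```powershell
# Added triage script, not part of the original answers. Run in an elevated
# PowerShell on the Windows 8.1 client while it is outside the corporate network.
$internalHost = 'dc01.corp.example'   # placeholder: any internal resource

# 1. Edition: the DirectAccess client components exist only on Enterprise SKUs.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"OS: $($os.Caption), build $($os.BuildNumber)"
if ($os.Caption -notmatch 'Enterprise') {
    Write-Warning 'Not an Enterprise edition; the DirectAccess client will not work.'
    return
}

# 2. Location detection and overall DA status (inside/outside plus error substatus).
Get-DAConnectionStatus | Format-List Status, Substatus

# 2a. The IP-HTTPS tunnel the DA server publishes on TCP/443: URL and state.
Get-NetIPHttpsConfiguration | Format-List
Get-NetIPHttpsState | Format-List

# 3. Group policy: which GPOs applied to the computer object, and which
#    security groups the computer is in (separate Win7 and Win8 groups).
gpresult /r /scope:computer

#    The DA GPO must have delivered NRPT rules for the internal namespace.
Get-DnsClientNrptPolicy -Effective |
    Format-List Namespace, DirectAccessDnsServers, DirectAccessEnabled

# Certificate-based DA (the first answer): the client needs a machine
# certificate with the Client Authentication EKU and a usable private key.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.EnhancedKeyUsageList.FriendlyName -contains 'Client Authentication'
    } |
    Format-Table Subject, Issuer, NotAfter -AutoSize

# Can an internal resource actually be reached through the tunnel?
Test-NetConnection -ComputerName $internalHost -InformationLevel Detailed
```

If Get-DAConnectionStatus reports an Error status, the Substatus is the first thing to compare between a working Windows 7 client and a failing Windows 8.1 one; an empty certificate table on the 8.1 machine is the symptom the first answer describes.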