I have a running prosody that handles XMPP for a couple of my domains, and a friends domain. One of the users (his wife) on my friend's domain would like to change her password (actually she has forgotten her, so I would set one with prosodyctl that she should then change to something I don't know). But when I try changing the password of a test user I created on that domain through pidgin, I get an error saying "Error changing password", "Service unavailable". What do I need to change to allow users to change passwords?
I found the needed clue in The ArchLinux wiki on prosody, even though it claims it to be the default (it might be on Arch, it wasn't on my Debian), I needed to enable the register module, and make sure allow_registration was set to false.
Related
I am having some trouble and need some help. I am trying to connect a website to authenticate to Active Directory through LDAP using DNN.ActiveDirectory, but I can only get the "Check Root Domain" portion to pass. Using ldp.exe on the server I am able to connect to the domain controller and query the users on it with the same user name and password I am trying to use with the plugin, and even using my domain admin account makes no difference. I have tried it with every authentication type, changing the root domain (only way that would get the check root domain to pass is the LDAP://domain.local), with/without the domain in front of the username, and with/without the default domain filled out.
I don't have access to the error logs at the moment since I am not at that office yet, so I will get those posted when I can. If I remember correctly the error being logged was an authentication error. LDAP initially wasn't configured on the domain controller so I had to set that up, and admittedly I am not too familiar with it so I followed this guide: https://techcommunity.microsoft.com/t5/sql-server-blog/step-by-step-guide-to-setup-ldaps-on-windows-server/ba-p/385362. I am using the default ports. I stopped before setting up LDAPS, but when I couldn't get that to work I continued through up to the signing the certificate part. I was working on getting the certificate signed when I came across notes that DNN.ActiveDirectory doesn't support LDAPS. My tests with successful connections using ldp.exe were all against port 389. Are there some extra configurations that are needed to get DNN.ActiveDirectory working that weren't covered in that guide, or any common snags I should be aware of?
DNN.ActiveDirectory has not been maintained for a while, and does not support LDAPS afaik - see Checking Root Domain step fails.
My recommendation is to have a look at AD-Pro Authentication.
I recently encountered a SwiftMail error while trying to send a mail through gmail.
Expected response code 250 but got code "535", with message "535-5.7.8 Username and Password not accepted.
I was trying to send mail through my gmail and google thought that I was a spam(maybe because I was requesting too fast) I received a mail from them saying my account was access and I told them it was me. I was able to send mail without problem and it just occured now.
This is the contents of my env file.
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=talentscoutphil#gmail.com
MAIL_PASSWORD=mypasswordhere
MAIL_FROM=talentscoutphil#gmail.com
MAIL_NAME=talentscout
I researched on the internet and some answers includes enabling the "access for lesser app" and "unlocking gmail captcha" which sadly didn't work for me until I found the 2-step verification.
What I did the following was:
enable the 2-step verification to google HERE
Create App Password to be use by your system HERE
I selected Others (custom name) and clicked generate
Went to my env file in laravel and edited this
MAIL_USERNAME=talentscoutphil#gmail.com
MAIL_PASSWORD=thepasswordgenerated
Restarted my apache server and boom! It works again.
This was my solution. I created this to atleast make other people not go wasting their time researching for a possible answer.
I had the same problem, changing my gmail password fixed the issue, and also don't forget to enable less secure app on on your gmail account
i had same issue i resolve this use under
go to gmail.com
my account
and enable
Allow less secure apps: ON
it start works
I had everything fine. Less secure app option was also enabled. Still, I was getting the error. What I have done is:
Google will send you Critical security alert
Then you have to authorize that activity. ( Clicking on 'YES, THAT WAS ME' type thing )
Then you can try sending email again.
From May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
Important: This deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date.
For more information, continue to read.
https://support.google.com/accounts/answer/6010255?hl=en&visit_id=637919157823422324-2612210762&p=less-secure-apps&rd=1
This is my .env mail settings
MAIL_DRIVER=smtp
MAIL_HOST=smtp.googlemail.com
MAIL_PORT=587
MAIL_USERNAME=example#gmail.com
MAIL_PASSWORD=hello27
MAIL_ENCRYPTION=tls
i was getting thesame error as stated in the question but by using
php artisan config:cache
Everything worked fine
Gmail tends to block usage of mailing addresses which are being used in other applications as username for security reasons. Either you should create a new email address for mail purpose or you must go to the Less Secure App Access and turn on the access for less secure apps. Gmail will send you a mail for confirmation from where you can verify that those changes were made by yourself. Only then, you can use such mailing addresses for mailing purpose through applications.
There is no need to update anything in config/mail.php. just put you credential in .env with this specific key's. This is my .env file.
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=example#gmail.com
MAIL_PASSWORD=********
MAIL_ENCRYPTION=tls
I had the same issue after long time debugging and googling i have found the solution. that by enabling less secure apps. the email started working.
if your gmail is secure with 2 step verification you can't enable less secure app. so turn off 2 step verification and enable less secure app. by click here enable less secure apps on your gmail account
This single step worked for me... No 2-step verification.
As I had created a dummy account for my local development, so I was OK with this setting.
Make sure you only do this if your account contains NO personal or any critical data.
This is just another way of tackling this error and NOT secure.
I turned ON the setting to alow less secured apps to be allowed access.
Form here :
https://myaccount.google.com/lesssecureapps
I had the same problem, then I did this two steps:
Enable "Allow less secure apps" on your google account security policy.
Restart your local servers.
I encountered the same issue and solved it with no 2FA enabled ("Allow less secure apps" is still in need).
After checking Google error code list, I thought maybe there are some errors in .env.
Below settings are tested in Laravel 8 and worked:
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=username#gmail.com
MAIL_PASSWORD='your#password_here' # put the password in quotes
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=username#gmail.com
MAIL_FROM_NAME="${APP_NAME}"
Please remember that put the password in quotes. That works for me.
If your using your cpanel custom email, change your host from smtp.gmail.com to your domain name. it worked for me
As from May 30, 2022 Google has stopped the support of third-party apps or devices which ask you to signin to your Google Account using only your username and password.
To solve this,
make sure you that you have enabled 2-step verification.
Then select App paswords.
select app and device you want to generate the app password for.
on select app select mail then on device choose and name a custom device.
After that, a password will be generated for you to use. Replace your original password with the generated password. Refresh or upload your files to the server the reload.
It will work
I had this issue. first checked the credentials and username, they were all good, then restarted my server (docker stop/start) and it works now. something with cache I believe
I'm going to work on project, that uses plastic scm for version control. Project manager sent me a message with repo address, my username and generated (at least it looks like randomly generated) password. I'd like to change the password as it seems like a good safety practice to me. I tried to sign in on www.plasticscm.com, as I assumed that manager just created account for me, but I can't log in. Is this possible to change my password, or do I have to ask admin for help?
It's important to clarify if you need to:
Change your www.plasticscm.com password: You just need to click on the "Sign in" button and then "I don't have a password / I forgot it". You will receive en email to re-generate the password.
If you are using a Plastic hosted server: we have recently released a webadmin tool where you can configure and administer the server, including selecting the authentication mode, creating users and groups (or edit the passwords):
http://blog.plasticscm.com/2017/10/webadmin-introducing-new-server-admin.html
I opened a demo xsp page and a window popped up asking me to input the name and password to login to the domino server. Then I entered my own id and password created in domino, but it didn't work. Only the Administrator name and its password worked. Anybody knows what's the problem? I already edited the corresponding ACL entries.
Thanks!
In order to use a database in a browser (no matter if classic notes web development or Xpages) one needs to meet several requirements.
First of all you need access to all NSF files that are used in the process.
As mentioned by Richard you either need to be mentioned in the ACL (namely or by group membership, or by setting -Default- and/or Anonymous to a level greater than No access).
AND the ACL has to allow Web- Access by not setting the Maximum Internet Name and Password to No Access
But this is not enough.
To be able to do authentication you do not have an ID- file in the browser.
You need a username and password. This password is NOT the password of your ID- file unless the admins choose to synchronize them using a policy.
It is the password stored in your person document in the names.nsf on the server.
But still these points are not enough yet: If you have access to the server with your username and internet password (can be tested by just trying to login to http://yourServer/names.nsf?open&login), then you might still not be able to access the application if -as umeli pointed out in the comment- the signer of the Xpage- application does not have enough rights to sign the XPages (Server document - security).
You see: There is a lot stuff to check. But if all of these points are OK, then access to the database will not be a problem anymore.
I omitted one reason for not beeing able to login because of your error description: If the Session Authentication on your server is configured for Multiple Servers (SSO) then you need to use the fully qualified internet host name of the server in the URL (or at least a hostname, that contains the SSO- domain), otherwise you will be redirected to the loginpage over and over again, even after supplying the right username / password. But as you wrote about a "Window popping up" I am quite sure, that Session authentication on that server is set to "Disabled"
You could be being rejected because of the
ACL of the NSF file not having the level of access required for operations performed in the code on the Xpage. I know you said you edited the ACL, but bear in mind that access also depends on the 'Maximum Internet Name and Password' setting for the NSF.
ACL in other NSF files that are accessed in the code of the Xpage not having the level of access required for operations performed on it by the code. This also includes the 'Maximum Internet Name and Password' setting.
We have our own web server hosting our website that is open to the public outside of our network.
I have a request to make our "Internal Postings" link on our Careers page to authenticate the user against our network's Active Directory list.
I currently have it setup so the link hits a page inside the directory structure of the website, and this page's folder is set to "Integrated Windows Authentication". Anonymous access is turned off for this page. If the user is authenticated (ie: logged into our network or supplies proper credentials) it passes them on to an external careers website which hosts our job postings. If they fail to authenticate, it displays a custom 401 error page.
This works fine, but there is a problem with it. Using IE, people cannot just enter their username. They (of course) are required to enter the domain name as well. Unfortunately the default 'domain' is set to the URL of our website (www.xyz.com/username). I would like it to automatically choose the name of our internal domain (aaa/username) but am unsure of how to do this.
Another option would be to use LDAP and a little ASP scripting to authenticate the user. I have this code already, but am unsure of the security consequences of doing so. Basically, the page will be setup for anonymous authentication, and if the user isn't logged into our network, they will be prompted for a username/password using standard textboxes. This is then passed to an ASP script that does an LDAP lookup against our Active Directory. Is there any security issues with this method?
Which method would you choose to do?
Thanks.
EDIT: It seems I cannot authenticate to ActiveD via LDAP using a username/password combo. So forget about that option.
My question now is, how can I change the default 'domain' that IWA uses? Is that at all possible? IE seems to default to 'www.xyz.com\username' (my website) rather than 'aaa\username' (my domain name). Of course, www.xyz.com\username fails because that is not where our ActiveD resides... Is this possible? I want to make it as simple as possible for our employees.
You cannot authenticate an user with a script that looks up the user in LDAP. You need to know that the user is who it claims it is, and the only way to do that is to let NTLM/Kerberos authenticate the user (ie. establish proof that the user knows a secret stored in the AD, the password).
The URL of the web site to the set of sites considered be in the local intranet zone for IE browsers running on the internal network. By default sites consider to local intranet will be sent the current logged on users credentials when challanged with NTLM/Kerberos. Hence your internal users shouldn't even see a network logon box.
I hate to dredge up an old thread, but the answers are a bit misleading, if I understand the question. The thread Remus refers to is about authenticating via LDAP with a username only. As he points out, that isn't possible. But it looks like what Kolten has in mind is authenticating via LDAP with a username and password both. That's a standard practice called binding.