search for: ourusers

So for auth_policy_server_api_header. is the value of our_password come from the hashed response or the plain-text password? What else am I doing wrong? Mar 7 09:20:53 olddsm wforce[17763]: WforceWebserver: HTTP Request "/" from 127.0.0.1:56416: Web Authentication failed curl -X POST -H "Content-Type: application/json" --data '{"login?:?ouruser?, "remote":

In weakforced you have webserver("0.0.0.0:8084", "THIS-IS-THE-PASSWORD-FOR-WFORCE") Thus, you make the base64 blob as ~$ echo -n wforce:THIS-IS-THE-PASSWORD-FOR-WFORCE | base64 d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U= And in dovecot you put auth_policy_server_api_header = Authorization Basic d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U Aki > On 7

I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes =

> > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > > > >

> > You are running some kind of proxy in front of it. No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail. > If you want it to show real client IP, you need to enable forwarding of > said data. With dovecot it's done by setting > > login_trusted_networks = your-upstream-host-or-net > > in backend config file. > OK I changed it and

The good news is I believe I got Weakforce running 1) curl -X GET http://127.0.0.1:8084/?command=ping -u wforce:ourpassword {"status":"ok"}[ 2) after running the sample for loop: for a in {1..101}; do curl -X POST -H "Content-Type: application/json" --data '{"login":"ahu", "remote": "127.0.0.1",

On 28.3.2019 22.34, Robert Kudyba via dovecot wrote: >>>>> Set >>>>> >>>>> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate? >>>> >>>> Can this be the Lets Encrypt cert that we already have? In other >>>> words we have: >>>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem

> > > On 12 April 2019 21:45 Robert Kudyba via dovecot <dovecot at dovecot.org> > wrote: > > > > > > > You are running some kind of proxy in front of it. > > > > No proxy. Just sendmail with users using emacs/Rmail or > Webmail/Squirrelmail. > > > > > If you want it to show real client IP, you need to enable forwarding > of

> On 12 April 2019 18:11 Robert Kudyba via dovecot <dovecot at dovecot.org> wrote: > > > > Probably there's an existing solution for both problems (subsequent > > attempts and dnsbl): > > > > >

> On 12 April 2019 21:45 Robert Kudyba via dovecot <dovecot at dovecot.org> wrote: > > > > You are running some kind of proxy in front of it. > > No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail. > > > If you want it to show real client IP, you need to enable forwarding of said data. With dovecot it's done by setting > >

We're running samba in our organization to serve files in a LAN to windows machines (almost XP), and we're having some performance issues with small files. With big files (ie, ISO images), it works pretty well. But, when small files are involved in the transference, problems arise. In the same environment, a Windows 2000 machine (the 'old' server) is able to send data to

Hi all, I've got on AD DC using Samba 4.4.3 on Centos7 which accept Kerberos connections (kinit is working), which accept ldapsearch with credentials but which refuse ldapsearch with GSSAPI. The issue does not seem to be coming from the client as I discovered this issue writing a script to test all 22 DC, and all 21 others DC are working well from that client. The error: SASL/GSSAPI

On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those

...onany "non-accessible" resource resulted in a message > > > notifying that noaccess was granted. > > > Since 4.18 the folder is simply completely invisible. I don? t > > > argueabout this being "correct" behaviour or not. It is just that > > > ourusers where just used to having the whole list and knowing > > > what is inthere (and eventually ask access to it to us or the > > > relevantdepartment that then forwards to us). > > > Is there a way to have that "old behaviour" back while still > > > usingsa...

wforce is the username always. auth_policy_hash_nonce should be set to a pseudorandom value that is shared by your server(s). Weakforced does not need it for anything. auth_policy_server_api_header should be set to Authorization: Basic <echo -n wforce:our_password | base64> without the < >. Aki On 6.3.2019 20.42, Robert Kudyba via dovecot wrote: > I took suggestions

More information, making me more crazy: - ldapsearch without SASL is working from any host: ldapsearch -D 'CN=user-ldapmodify,OU=OurUsers,DC=ad,DC=domain,dc=tld' -w Passw0rd -x -ZZ -b 'dc=ad,DC=domain,dc=tld' -h dc106 sAMAccountName=administrator dn - ldapsearch with SASL is not working (Kerberos ticket existing following a working kinit) from any host but it works when launched from the non-working-server kinit -k -t ad...

Hello, I'm trying to push some data from one machine to another via rsync source machine uses rsync 3.0.8, it's a CentOS 5.6 Linux with rsync 3.0.8 package from rpmforge destination machine uses rsync 3.0.6, it's a Scientific Linux 6.0 with rsync 3.0.6 from its repository destination machine is running a rsync daemon with the following configuration: log file = /var/log/rsyncd.log

...;t perform test to make it work without that reverse DNS entry set up. 2016-06-07 17:50 GMT+02:00 mathias dufresne <infractory at gmail.com>: > More information, making me more crazy: > - ldapsearch without SASL is working from any host: > ldapsearch -D 'CN=user-ldapmodify,OU=OurUsers,DC=ad,DC=domain,dc=tld' -w > Passw0rd -x -ZZ -b 'dc=ad,DC=domain,dc=tld' -h dc106 > sAMAccountName=administrator dn > > - ldapsearch with SASL is not working (Kerberos ticket existing following > a working kinit) from any host but it works when launched from the > non-...

We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I