freeRADIUS and openLDAP and 802.1X - centos7

I would like to ask a question, that is, I want to build a freeradius server here, and associate it with OpenLDAP for authentication. I have already built the freeradius server here. After testing, freeradius can also communicate with openLDAP data (as shown below)
But on the wireless AC device, when it passes the pap authentication protocol test, it is normal and can communicate with openLDAP data normally, but if the chap authentication protocol is tested, an error is reported. During the error reporting process, I go to the freeradius server. When entering radiusd -X to view the log, it prompts chap to report an error, as shown in the figure below
I hope someone can help me solve the problem.

Related

API allowing to import a CSR to Microsoft CA and receive a certificate

I need to find a way to import/submit SCR and receive a certificate from Microsoft CA via some endpoint from my server. The best option is REST, but if there is another API/protocol allowing to do a request from our server to the CA will be good enough.
Terminal utils will not work for me.
I found that there are a few options here:
Usage of .Net platform allowing to send/import CSR
CA Web Enrollment
CA Web Services
Our server is an on-prem solution and written on Java and may run on Windows and Unix-based platforms. It means that our customer decides what OS to use.
It means that the first option is not really an option...
The second option allows uploading an SCR to Microsoft CA via a browser, i.e. I can try to submit an HTML form and parse a response...extract the link for the cert, but it feels it is not the best option.
I found that the windows server contains the component called CA Web Services that theoretically allowing what I want, but the problem I can't find how to use it.
I followed the guidance here:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831625(v=ws.11)
and Certificate Enrollment Policy Web Service and Certificate Enrollment Web Service are enabled on the server.
So I have the URL and I can put it in a browser or postman:
https://.../service.svc/CES
with basic authentication but for my try I received a bad request and I couldn't find the documentation about the endpoint.
So it will be nice if someone could say to me that I'm looking in the right direction and/or send me a link to the documentation.
And if it's not the right direction, maybe someone knows a better option.
Thanks in advance

Sitecore ECM - [NonCriticalException]: Unable to connect to the remote server

Today I have an exception with the ECM with the content/evidence as below :
[NonCriticalException]: Unable to connect to the remote server
My "SMTP.ConnectionStringName" no problem.
I cannot send mail, do you have any idea to fix this ?
This error occurs when the preview frame tries to download the email content. You should check the RendererUrl field on the Manager Root item and verify that the server is capable of resolving that url sucessfully.
This could be a number of things. I've had an issue in the past where software on the server was conflicting with ECM. If it was working before it's likely that something has changed on the server to cause this issue.
I would recommend following these steps on the Sitecore Knowledge base, which might get you a more meaningful error message:
https://kb.sitecore.net/articles/553662
If this doesn't achieve anything then contact Sitecore support.

Facebook Debugger unable to test localhost

I am building a Facebook app using Django. So, for development, I connected the app to localhost. My app is loading on canvas and working fine but the Facebook debugger is unable to test it correctly when I give localhost address as input.
These are the requests I tried in debugger
http://localhost
https://localhost/
http://127.0.0.1/
localhost
etc
Almost for all possible combinations.. It showed me
Error Parsing URL: Error parsing input URL, no data was scraped.
When I deployed the same code on heroku and tried.. It was working!
So,
Can't I debug the project on localhost? What's the point in working on it then??
If I can work, how should I fix it?
Can't I debug the project on localhost? What's the point in working on it then??
You can debug your code etc. on localhost – but of course you can’t have Facebook’s debug tool reach a site on your localhost, because Facebook (and everyone else on the web) does have no idea what machine your localhost actually is. (Absolute bascis, dude!)
If I can work, how should I fix it?
You have to make your web server accessible from the “outside”, over the internet.
Set up your test server so that it accepts requests from outside IPs, and get a DynDNS address (basically something that can be resolved by third parties like Facebook over the DNS).
You can access Facebook apps locally but you need to fake the domain of your local computer. You can do this by adding
127.0.0.1 mysite.test.example.com
to /etc/hosts. You should update mysite.test.example.com to your domain. Your Facebook app needs to be configured for that domain. You can then use the Facebook app locally and debug your project.
The alternative is to setup up a web server and use its domain for testing purposes (but this is not ideal because you'll need to commit and build the code before you can see your changes).

Windows Integrated Authentication fails ONLY if web svcs client is on same machine as IIS server

I have a web service running under IIS7 on a server with a host header set so that it receives requests made to http://myserver1.mydomain.com.
I've set Windows INtegrated Authentication to Enabled and everything else (basic, anonymous, etc) to Disabled.
I'm testing the web service using a powershell script, and it works fine when I run it from my workstation against http://myserver1.mydomain.com
However, when I run the same exact script on the IIS server itself, I get a 401-Unauthorized message.
In addition, I've tried installing the web service on a second server, myserver2.mydomain.com. Again I can call my test script fine from BOTH my workstation and from myserver1.
So it seems the only issue is when the client is on the same box as the web server itself - somehow the windows credentials are not being passed or recognized.
I tried playing with IE settings on myserver1 (checked and unchecked 'Enable Windows Integrated Authentication', and added the URL to Local Sites). That did not seem to have an effect.
When I look at the IIS logs, I see the 401 unauthorized line but very little other information.
I see basically the same behavior when testing with IE (v9) - works from my workstation but not when IE is running on the IIS server.
I found the answer after several hours:
By default, there is something called a LoopbackCheck which will reject windows authentication if the host header used for the site does not match the local host's name. This behavior will only be seen when the client is on the local host. The check is there to defeat possible reflection attacks.
More details here:
http://support.microsoft.com/kb/896861
The kb item discusses ways to disable the Loopback check, but I ended up just switching from using host headers to ports to distinguish the different sites on the IIS server.
Thanks to those who gave assistance.
Try checking the actual credential that is being passed when you are running on the server itself. Often times you will be running on some system account that doesn't have access to the resource in question.
For example, on your box your credentials are running as...
MYDOMAIN\MYNAME
and the server will be something like...
SYSTEM\SYSTEM_ACCOUNT
and so this will fail because 'SYSTEM\SYSTEM_ACCOUNT' doesn't have credentials.
If this is the case, you can fix the problem in one of two ways.
Give 'SYSTEM\SYSTEM_ACCOUNT' access to the resource in question. Most people would avoid this strategy due to security concerns (which is why the account has no access in the first place).
Impersonate, or change the credentials of the client manually to something that does have access to the resource, 'MYDOMAIN\MYNAME' for example. This is what most people would probably go with, including myself.

In FinalBuilder, how do I use the HTTP Get File action with Windows Authentication?

I have a FinalBuilder project where I deploy an ASP.Net website to a remote folder, configured as a website in IIS.
As part of my build script, I want to use the FinalBuilder action HTTP Get File to help determine whether my deployment was succesful.
I'm having difficulty, because the website is configured (under IIS 6) to use Integrated Windows Authentication, and anonymous access is not enabled.
Now the HTTP Get File action, has only a handful of properties, one of which is a security section, containing a UserName and Password. Great I thought! I can just put some valid credentials in there, which FinalBuilder will impersonate, whilst retrieving my file.
It turns out I was mistaken. I receive the following error:
Error retrieving url : Socket Error # 10061
Connection refused.
If I run the action without setting the Security Username and Password, I get the following error:
Error retrieving url : HTTP/1.1 401 Unauthorized Response Code : 401
Here are some facts to help with the context of my problem.
I'm running FinalBuilder 6 Professional, upon a Windows Server 2003 installation, and deploying my ASP.Net website to a remote IIS6 server within our corporate LAN.
If I configure IIS on the remote server to allow Anonymous access, I can run the HTTP Get File action without error. However, running this particular site with anon access is not acceptable in our situation.
Can anyone help suggest a workaround?
For a definitive answer, I think the Finalbuilder Forum is probably your best bet.
My guess, though, is that the HTTP library used by FB doesn't support Windows authentication, and is failing because no common authentication method can be negotiated. Since HTTPS isn't supported either by the 'HTTP Get File action', the possible workaround of allowing basic authentication on your site isn't a good idea, as you would be passing credentials over the network in plain text.
The only remaining workaround I can think of (other than waiting for a future FB release), is creating your own FB action to retrieve the file. Using the .NET Framework System.Net.WebClient, that should be trivial. Just start with a standalone EXE to make sure everything works, then refactor it into a 'real' action using FinalBuilder Action Studio (if that's even required: spawning an external EXE may work just fine in your case).