Mod_Auth_Cas fix allows DotNetNuke to work

We’re using mod_auth_cas on a linux reverse proxy to authenticate users to our DotNetNuke (DNN) intranet site.? After dealing with the entropy problem that was really slowing down access, we had just one problem remaining:? files that were attached to DNN pages with the built-in editor were not accessible through the reverse proxy.

It turns out that DNN uses a “fileticket” parameter in the file link URLs, and mod_auth_cas uses a “ticket” parameter.? But mod_auth_cas was mistakenly stripping out DNN’s fileticket parameters.? A DNN URL would look like this: “/LinkClick.aspx?fileticket=DBDQlsksjlefwgb&tabid=70”.? After going through the reverse proxy, mod_auth_cas had mangled it to “/LinkClick.aspx?filetabid=70”.

Someone involved with mod_auth_cas pointed me to the bug tracker, and there was a fix for the URL mangling.? You need to get the latest source files, compile them, and the issue is gone!

Late for the Party

Listening to This Week in Google (TWIG episode 3, I’m a little behind) created an “ah-ha” moment for me today. I used to always feel like I have to read every Facebook status update or Tweet that my friends post. Of course I can’t keep up, but I keep wanting to try.

They made the analogy on TWIG that Facebook status updates and Tweets are like a constantly running party. When you show up late for a party, you don’t say, “Tell me about all the conversations that I missed”. You just jump in for as much time as you have.

That takes a load off.

Windows Media Server doesn’t like NAT

WindowsMediaPlayerError
We set up a Windows Media Server just like we’ve done many times before, but this time we were not able to connect to the streams from outside the local network.? After spending a lot of time verifying that it wasn’t a firewall problem, I found this article that gave an answer: the media server rejected the requests because it didn’t like the dns name in the URL.? Adding the public dns name to the localhost like of the media server’s hosts file fixed it.

Thanks, David!

Acronis True Image won’t write to Server 2008 shares

We were trying to write some machine images to a Server 2008 share with Acronis True Image.? True Image would see the shares, but would fail with a strange “bad file name” error.

It turned out to be the same issue that stopped Mac OS 10.4 from talking to my Server 2008 shares at a different location:? the security policies on Server 2008 require SMB message signing.? Both Mac OS 10.4 and the version of True Image that we’re running don’t support SMB message signing.

Here’s how we disabled the message signing requirement (SMB messages will still be signed when a client supports it):

  1. Open Group Policy Management and edit the Default Domain Controller Policy
  2. Go To Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, Security Options
  3. Scroll down and find the entry Microsoft network server: Digitally sign communications (always)
  4. Set this option to Disabled
  5. Execute gpupdate on the DC and the file server to apply the new GPO ruleset.