Topic: iBay Security

[Bud]

sme team

i have created an ibay called " central "
for the option " Group " i have placed certain users that need to have access to the info eg: " managers group "
for the option " Public access via web or anonymous ftp " i have set this to " Entire Internet (password required) "

i have copied files from a html web template to " /home/e-smith/files/ibays/central/html "

i enter the url in my browser: http://smeserver/central/
my problem is that no matter what user name and password i use the users cannot get access to the web template to be used as it keeps on saying that i have entered the incorrect user name and or password. this is the error code i am getting

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

please help 

[janet]

Bud

i have copied files from a html web template to " /home/e-smith/files/ibays/central "

All web content in an ibay should typically be placed in the ibay's html folder ie
/home/e-smith/files/ibays/central/html/

[Bud]

mary

thanks for your reply

sorry i made a typo there.

the files are inside " /home/e-smith/files/ibays/central/html "

i am still having a user name password problem when trying to access the html web application: http://smeserver/central

any ideas?

[Jeppe Fugl]

http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter14

Note:
If you select Password Required, users who connect to the i-bay via FTP or HTTP will be prompted to supply that particular i-bay's username and password. The user name is always the name of the i-bay and the password is whatever the administrator assigns to that i-bay - not the individual user's password. Note that, as with user accounts, i-bay accounts are locked out by default. If a password is required, users will not be able to access the i-bay until the administrator sets the password.

In my world this is not smart, but thats the way it is designed. I believe there have been several discussions about this.

Best Regards,
Jeppe

[Bud]

Jeppe Fugl

thanks for the info. now i understand

net very smart is it. but still works

thanks again

[janet]

Bud

net very smart is it. but still works

It is as is designed and as detailed in the manual ie user/group control is for ftp & local network sharing, not web access.

See this contrib for added functionality, smeserver-remoteuseraccess-1.2-33.el4.sme.noarch.rpm
yum install --enablerepo=smecontribs smeserver-remoteuseraccess

Search the forums on smeserver-remoteuseraccess for usage info ie you can jail a user to only access a certain ibay after they login. Also check the dungog.net wiki.