Monthly Archives

Articles indexed in March 2012

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 165/239 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >

  • How to setup a simple self-hosted dynamic DNS server

    - by Cerin
    I have a small internal network of physical machines running hypervisors, which in turn run several KVM Ubuntu virtual machines. How would I setup an internal dynamic DNS server so that when I run a script to create a new virtual machine, that VM could automatically register itself in the DNS server? Bind seems to be the standard DNS server for Linux, but it seems designed for a much more "static" DNS model. Dynamically updating this would require a complicated script that would have to SSH into the DNS server, edit configuration files, and then restart the server. This doesn't seem like a very elegant solution. Are there better options? I saw a similar question, although they're asking for a solution for a public setting on Amazon. My servers are entirely private, and I don't want to rely on an external VM host or Dynamic DNS provider.

    Read the article

  • AFP / Apple Filling Protocol aka Netatalk access over Internet

    - by PJJ
    I got a simple cloud server and thought it would be nice to have mac native afp Volumes accesss. Installed Netatalk and this seems to work pretty nice. No sensitive data or something but I don't like to wake up someday and have my www docs rm-rfed by some kid h4x0r. Q1: Is afp encrypted? Q2: How can I make it (semi)secure? Q3: Does VPN makes sense for this? Q4: What would you do to get afp working over net? Opening any service meant for Lan only is a basic flaw, i know - but me be ignorant about it. According to Apple Dev only the authentication is encrypted or am I mssing something?

    Read the article

  • Fedora 12 on Vmware network disabled on restore

    - by Chaitanya
    I have a fedora 12 guest running on VMWare on windows 7. I use it mainly for the occasional linux dev. Whenever I restart the guest, networking works fine. But if I close the VMware player and save state, the next time I start the image, networking is disabled (red x on the network icon. message saying networking disabled). I can't seem to find a way to restore networking. I have to reboot the guest to get my network access back again. My Ubuntu image doesn't have this problem. I can close the player and when I re run the image, I can pick up where I left off, with all the open firefox windows and application windows as I left them. Fedora saves state, but doesn't seem to enable networking. There is a relevant warning I have seen "SELinux is preventing /sbin/ifconfig "read" access to/var/run/vmware-active-nics." But I am not sure how to solve it. I know fedora isn't officially supported by VMware, but it seems to be working fine for the most part and meeting my needs, except for this one little issue. Any help would be much appreciated.

    Read the article

  • configuring linux server to send traffic to local machines using local IP address

    - by gkdsp
    Two linux servers, server1 and server2, are on the same local network (they also have access to an external network). Server2 has a local IP of 192.168.0.2 and a host name of host2.mydomain.com. QUESTION 1: If an application on server1 sends traffic to server2 using a host name of host2.mydomain.com, what determines whether this traffic is routed to server2 using the local or external network? QUESTION 2: To ensure that all traffic sent from server1 to server2 always uses the local network, could I simply include in the server1 /etc/hosts file the following? 192.168.0.2 host2.mydomain.com ...the thinking being, if the servers are always on the same network there should never be a need for server2 to send traffic to server1 via the external network (that I can think of anyway). Is this done in practice, or is some other method preferred?

    Read the article

  • Find actual Centos6 path for %{_includedir} in spec file?

    - by Dayo
    I am trying to find out which path actually resolves to %{_includedir} in a Centos6 installation. I understand that this is normally "/usr/include" but where can I find where it is actually set or somehow "echo" it? Basically, a spec I am using has "%dir %{_includedir}/someFolder/someFile". Everything runs fine but I can't find "/usr/include/someFolder". I assume it has been created somewhere else and I am trying to find out where that is.

    Read the article

  • Nagios check_host_alive and check_ping not showing host as down

    - by Kyle
    I am using the check_host_alive command to send 5 packets every minute to all my routers at remote locations. I noticed today I received a notification from The AT&T Global Client Support Center that a router was down (which can take 5-30 minutes to send these notices out) and never received a notice from Nagios. I went onto Nagios and it is was showing the host as alive with a latency of 0ms. This tells me it is seeing the automated response from my router in the data center that, "TTL expired in transit" as a reply from the remote router. Is there anyway for me to tell nagios to check where the reply is comming from? I feel like other people have to of had this issue... I tested it with the check_ping command and it produced the same results. I have the command defined has %hostname% and the proper IP in the host definition, and it works fine for telling me the latency is high. Any ideas are welcome, I have already exercised my Google skills with no results. EDIT: root@IM-UBTU:/# /usr/local/nagios/libexec/check_ping -H 192.168.250.1 -w 100.0,10% -c 200.0,20% -vvv CMD: /bin/ping -n -U -w 10 -c 5 192.168.250.1 Output: PING 192.168.250.1 (192.168.250.1) 56(84) bytes of data. Output: From 10.69.10.2 icmp_seq=1 Time to live exceeded It knows something is wrong why doesn't it give me a warning?

    Read the article

  • What would cause Memcached to Hang for 2+ seconds?

    - by Brad Dwyer
    I'm going nuts trying to scale memcached. From their site: Memcached operations are almost all O(1). Connecting to it and issuing a get or stat command should never lag. If connecting lags, you may be hitting the max connections limit. See ServerMaint for details on stats to monitor. If issuing commands lags, you can have a number of tuning problems. Most common are hardware problems, not enough RAM (swapping), network problems (bandwidth, dropped packets, half-duplex connections). On rare occasion OS bugs or memcached bugs can contribute. Well.. it is most certainly not performing like an O(1) operation for me. Under low to normal load on our site memcached response times for get and set ops are about 0.001 seconds. Not bad. But if we triple the load we get outliers that take 100x (or in rare cases 1000x!) that long. I even had one instance where it took 2.2442 seconds for memcached to store a value. Obviously this is killing our site. Here's the output of Memcached-getStats during one of the slow periods: [pid] => 18079 [uptime] => 8903 [threads] => 4 [time] => 1332795759 [pointer_size] => 32 [rusage_user_seconds] => 26 [rusage_user_microseconds] => 503872 [rusage_system_seconds] => 125 [rusage_system_microseconds] => 477008 [curr_items] => 42099 [total_items] => 422500 [limit_maxbytes] => 943718400 [curr_connections] => 84 [total_connections] => 4946 [connection_structures] => 178 [bytes] => 7259957 [cmd_get] => 1679091 [cmd_set] => 351809 [get_hits] => 1662048 [get_misses] => 17043 [evictions] => 0 [bytes_read] => 109388476 [bytes_written] => 3187646458 [version] => 1.4.13 So things that I have ruled out so far are: Hitting the max connections limit (curr_connections of 84 is well below the default of max of 1024) Swapping - the machine has 900M out of 1024M of memory dedicated to memcached on a dedicated machine. It only appears to be using about 7MB of data as per the bytes stat. How would I diagnose the other hardware problems? prstat doesn't really show a whole lot going on in terms of CPU or memory usage. Not sure how to figure out the network problems but as this is a dedicated server on the same private network as the web box I don't think it's a connectivity issue (ping is less than a millisecond between the boxes). Is there something else I'm missing here? It's driving me nuts. Edit: Also forgot to mention that I've tried both persistent and non-persistent connections with minimal-to-no impact.

    Read the article

  • Which isn't working on linode servers (Ubuntu 10.04)?

    - by chrisjlee
    Currently trying to configure a linode server running on ubuntu 10.04. I utilized a stackscript (Default drupal profile) which seemed to run successfully. The log indicate so as well. Then ssh'd into the server (as root) to try to configure php. When i run a which php, which php5 they both return nothing. A which python returns something though. I know where the default path to php but i usually just like to use it as confirmation that php exists. Do i have to modify some configurations to enable which to work? Also tab completion doesn't seem to work for when i apt-get install? Update: Thanks for the suggestions guys. I've ran a couple commands and no luck either: [ root@ ~ ] $ dpkg -l |grep php [ root@ ~ ] $ apt-get install php5-cli Reading package lists... Done Building dependency tree Reading state information... Done Package php5-cli is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package php5-cli has no installation candidate Then i tried installing php and php cli: [ root@ ~ ] $ sudo apt-get install php5 php5-cli sudo: unable to resolve host xxxxxxx Reading package lists... Done Building dependency tree Reading state information... Done Package php5 is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package php5 has no installation candidate

    Read the article

  • Using AutoMySQLBackup on Rackspace Cloud

    - by xref
    Since Rackspace Cloud only allows FTP access it makes using AutoMySQLBackup a little trickier, and while it is at least creating DB dumps I get errors in the backup log: ###### WARNING ###### Errors reported during AutoMySQLBackup execution.. Backup failed Error log below.. .../backups/automysqlbackup: line 1791: /usr/bin/find: Permission denied .../backups/automysqlbackup: line 1855: /usr/bin/find: Permission denied .../backups/automysqlbackup: line 803: /usr/bin/find: Permission denied .../backups/automysqlbackup: line 1972: /usr/bin/du: Permission denied Since files are being created I'm assuming the find command failing has to do with actually rotating out and deleting the old backups? Line 803: find "${CONFIG_backup_dir}/${subfolder}${subsubfolder}" -mtime +"${rotation}" -type f -exec rm {} \; Any ideas for alternatives?

    Read the article

  • Web site kills hard disk I/O, how to prevent?

    - by Taras Voynarovsky
    The situation: I have a server, on which we have 2-3 projects. Starting not long ago, the server started hanging up (We could not connect to it by ssh, and the connected clients had to wait 20 minutes for top to give results) Early today I managed to execute gstat while it was in this state and saw, that it stays on 100% on da0, da0s1 and da0s1f. I dont quite know what those ids meen, but I understand that some processes just kill the HD by bombing it down with requests. I ask of some propositions. I dont know how to find the culpit and can't prevent this. I have freebsd on server.

    Read the article

  • Issues with ProxyPass and ProxyPassReverse when proxying to localhost and a different TCP port

    - by mbrownnyc
    I am attempting to use ProxyPass and ProxyPassReverse to proxy requests through Apache to another server instance that is bound to the localhost on a different TCP port that the Vhost exists (VHost is bound to :80, when the target is bound to :5000). However, I am repeatedly receiving HTTP 503 when accessing the Location. According to the ProxyPass documentation... <VirtualHost *:80> ServerName apacheserver.domain.local DocumentRoot /var/www/redmine/public ErrorLog logs/redmine_error <Directory /var/www/redmine/public> Allow from all Options -MultiViews Order allow,deny AllowOverride all </Directory> </VirtualHost> PassengerTempDir /tmp/passenger <Location /rhodecode> ProxyPass http://127.0.0.1:5000/rhodecode ProxyPassReverse http://127.0.0.1:5000/rhodecode SetEnvIf X-Url-Scheme https HTTPS=1 </Location> I have tested binding the alternate server to the interface IP address, and the same issue occurs. The server servicing request is an instance of python paste:httpserver, and it has been configured to use the /rhodecode suffix (as I saw this to be mentioned in other posts about ProxyPass). The documentation from the project itself, Rhodecode, reports to use the above. The issue is persistent if I target another server that is serving on a different port. Does ProxyPass allow proxying to a different TCP port? [update] I won't delete this, in case someone comes across the same issue. I had set an ErrorLog, and in that ErrorLog the following error was reported: [Wed Nov 09 11:36:35 2011] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:5000 (192.168.100.100) failed [Wed Nov 09 11:36:35 2011] [error] ap_proxy_connect_backend disabling worker for (192.168.100.100) After some more research, I attempted to set SELinux to permissive (echo 0 >/selinux/enforce), and try again. It turns out the SELinux boolean httpd_can_network_connect must be set to 1. For persistence on reboot: setsebool -P httpd_can_network_connect=1

    Read the article

  • centos postfix send email problem

    - by Catalin
    I have a big problem with postfix. I can receive mail in webmin and outlook but I can't send (only on local I can - user to user). Dovecot is working just fine. Sendmail is disable. Please help me. postfix -n postfix: invalid option -- n postfix: fatal: usage: postfix [-c config_dir] [-Dv] command [root@xprivatecams usr]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 home_mailbox = Maildir/ html_directory = no inet_interfaces = all mail_owner = postfix mailbox_command = mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man milter_default_action = acceptsmtpd_tls_auth_only = no milter_protocol = 2 mydestination = $myhostname, localhost.$mydomain, localhost myhostname = xprivatecams.com mynetworks = 94.177.41.0/24, 127.0.0.0/8 newaliases_path = /usr/bin/newaliases.postfix non_smtpd_milters = inet:localhost:20207 queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_milters = inet:localhost:20207 smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 Jan 18 00:46:17 xprivatecams postfix/postfix-script: starting the Postfix mail system Jan 18 00:46:17 xprivatecams postfix/master[15545]: daemon started -- version 2.3.3, configuration /etc/postfix Jan 18 00:48:00 xprivatecams postfix/pickup[15546]: EDE7EA8001B: uid=0 from=<[email protected]> Jan 18 00:48:00 xprivatecams postfix/cleanup[15817]: EDE7EA8001B: message-id=<[email protected]> Jan 18 00:48:00 xprivatecams opendkim[2776]: EDE7EA8001B: DKIM-Signature header added Jan 18 00:48:01 xprivatecams postfix/qmgr[15547]: EDE7EA8001B: from=<[email protected]>, size=615, nrcpt=1 (queue active) Jan 18 00:48:31 xprivatecams postfix/smtp[15820]: connect to mail.flabell.com[72.47.224.75]: Connection timed out (port 25) Jan 18 00:48:31 xprivatecams postfix/smtp[15820]: EDE7EA8001B: to=<[email protected]>, relay=none, delay=30, delays=0.08/0.03/30/0, dsn=4.4.1, status=deferred (connect to mail.flabell.com[72.47.224.75]: Connection timed out) telnet 94.177.41.70 25 Trying 94.177.41.70... Connected to xprivatecams.com (94.177.41.70). Escape character is '^]'. 220 xprivatecams.com ESMTP Postfix ehlo me 250-xprivatecams.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

    Read the article

  • Ngix rewrite is not working as expected

    - by SamFisher83
    I am trying to learn how to use nginx and how to use its rewrite functionality Nginx seems to be doing the rewrite: 2012/03/27 16:30:26 [notice] 16216#0: *3 "foo.php" matches "/foo.php", client: 61.90.22.223, server: localhost, request: "GET /foo.php HTTP/1.1", host: "domain.com" 2012/03/27 16:30:26 [notice] 16216#0: *3 rewritten data: "img.php", args: "", client: 61.90.22.223, server: localhost, request: "GET /foo.php HTTP/1.1", host: "domain.com" but in my access log I am getting the following: 61.90.22.223 - - [27/Mar/2012:16:26:54 +0000] "GET /foo.php HTTP/1.1" 404 31 "-" "Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0" 61.90.22.223 - - [27/Mar/2012:16:30:26 +0000] "GET /foo.php HTTP/1.1" 404 31 "-" "Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0" There is an img.php in the root directory so I am not sure why I am getting a 404 error Here is part of the configuration block: rewrite foo.php img.php last; location / { try_files $uri $uri/ /index.html; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; }

    Read the article

  • Public Folders - Delete Public Folders from 2003 after migrating to 2010 (via Adsiedit) - safe?

    - by HeavenCore
    Similar Question: How do I delete a public store in Exchange 2003? We are ready to remove our Exchange 2003 server after having migrated all public folders and mailboxes to 2010. We ran for a week with the exchange 2003 server shutdown and everything seemed to work. When I try to delete the PF database from 2003 it says it contains replicas. Whilst migrating i only had one was sync working (from 2003 to 2010) so i believe that 2003 hasn't received the responses from 2010 saying replica removed. When I look in Public folders on the 2003 box none are listed, when i look in PF Instances they are all listed. I know everything has moved to the 2010 server and I know 2010 is not showing the 2003 server as a replica for any folders. I am looking to use ADSI edit to remove the Public folder database from the 2003 server, but want to ensure i am going to delete the right thing so that they do not get deleted from the 2010 database. Should i delete configuration, Services, Microsoft Exchange, Company Name, Administrative groups, First administrative group, Servers, Server name, Information store, First storage group, public folder store (Server name)? Or something else? I have checked and the only public folder with the old exchange server listed as a replica is SYSTEM CONFIGURATION. Thanks in advance.

    Read the article

  • RHEL server Yum dependencies not working

    - by Tony
    I have a redhat server that isnt resolving dependencies correctly. I want to install httpd via yum "yum install httpd" and it installs correctly, but when i go to start httpd I get the following error: /sbin/service httpd restart Stopping httpd: [FAILED] Starting httpd: /usr/sbin/httpd: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory [FAILED] It is missing the dependency for apr-util package. Weirdly the i386 package is installed and not the x86_64 package. Can anyone shed any light on why the dependencies might not be resolved correctly? ldd /usr/sbin/httpd libm.so.6 => /lib64/libm.so.6 (0x00002b02370db000) libpcre.so.0 => /lib64/libpcre.so.0 (0x00002b023735e000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00002b023757a000) libaprutil-1.so.0 => not found libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002b0237793000) libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x00002b02379cb000) liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 (0x00002b0237c06000) libdb-4.3.so => /lib64/libdb-4.3.so (0x00002b0237e14000) libexpat.so.0 => /lib64/libexpat.so.0 (0x00002b0238109000) libapr-1.so.0 => not found libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b023832c000) libdl.so.2 => /lib64/libdl.so.2 (0x00002b0238547000) libc.so.6 => /lib64/libc.so.6 (0x00002b023874c000) libsepol.so.1 => /lib64/libsepol.so.1 (0x00002b0238aa3000) /lib64/ld-linux-x86-64.so.2 (0x00002b0236ebe000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00002b0238ce9000) libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002b0238eff000) libssl.so.6 => /lib64/libssl.so.6 (0x00002b0239118000) libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b0239364000) libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002b02396b6000) libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002b02398e4000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002b0239b79000) libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002b0239d7c000) libz.so.1 => /usr/lib64/libz.so.1 (0x00002b0239fa1000) libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002b023a1b5000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002b023a3be000) yet this is the i386 package apr-util-1.2.7-11.el5.i386 : Apache Portable Runtime Utility library Repo : installed Matched from: Filename : /usr/lib/libaprutil-1.so.0

    Read the article

  • trying to understand how Linux /etc/hosts file works with local and external IP addresses

    - by gkdsp
    Let's say I have a Linux server with an external IP of 123.456.789.012 and a local IP of 192.168.0.1. If it's /etc/hosts file looks like, for example, 123.456.789.012 host2.mydomain.com 192.168.0.1 host2.mydomain.com When an application on the server generates traffic to send using host2.mydomain.com, how does the server know whether to use the local or external IP address (since the same host name shows two IP addresses)? Or, does it need something additional than what I've presented here to decide this? Or, does it just sent it out as host2.mydomain.com and let the receiving end deal with it (if so, how to make sure traffic intended for local network indeed goes to local network)?

    Read the article

  • Remove expired PXE certificates from SCCM

    - by newmanth
    Our SCCM 2007 R2 environment, which runs in native mode, just had its PXE client certificates renewed. Now, the site server automatically blocks the old certificates, but it appears that there is no functionality to actually delete them. I know it doesn't really affect anything other than aesthetics, but as we've had a few renewals now, the certificate list is getting long and cluttered (and unlike my desk, I like to try to keep our servers neat and organized). Does anyone know of a way to remove the old certs?

    Read the article

  • Portable, battery-powered, wireless access point, ethernet adapter

    - by Jed
    I am in need of an adapter that will convert an ethernet port into a wireless access point. I have found a handful of devices, but I'm unable to find a device that is battery powered. Does a self-powered wireless access point even exist? The particular scenario that I will be using the device for is not your typical computer/PC scenario. For the curious, here's a bit of background on the problem I'm trying to solve: I make devices (controllers) that monitor water systems. Our controllers have a Webserver that serves out web pages so that users can configure the controller's settings. Typically, the user will use a cross-over cable to connect directly to the controller's ethernet port with their laptop to gain access to the controller's web pages. Now that tablets (devices that don't have an ethernet port - iPad, for example) are becoming more common, I need to find a device that will convert the controller's ethernet port into a wireless access point so that the user can connect to the controller's web pages via Wi-Fi or Bluetooth. It's worth noting that this wireless device that I'm looking for will NOT be permanently installed on the controller. It will be a portable device that the user will use on any of his controllers when he needs to make a connection to the controller. If you know of a device that will solve the scenario that I mention above, please share your info.

    Read the article

  • fstab mount after network initialization

    - by Philip
    I'm automatically mounting a NFS with fstab. Sometimes the mount fails because the hostname of the NFS mount cannot be resolved (getaddrinfo failed). I'm assuming that this happens because the network initialization is slower than the mounts. Is there any way to initialize the network before mounting any devices? I'm already using _netdev as a mount option but this does not help. This is my current fstab file: # <file system> <mount point> <type> <options> <dump> <pass> /dev/md2 / ext3 errors=remount-ro 0 1 /dev/md1 /boot ext3 errors=remount-ro 0 1 /dev/sda3 swap swap defaults 0 0 /dev/sdb3 swap swap defaults 0 0 connect.mygluster.net:/data /var/gluster/data glusterfs ro,_netdev 0

    Read the article

  • Ubuntu 11.10, using wget/curl fails with ssl

    - by Greg Spiers
    Note: See edit 3 for solution On a completely new install of Ubuntu I'm getting the following errors when using wget: wget https://test.sagepay.com --2012-03-27 12:55:12-- https://test.sagepay.com/ Resolving test.sagepay.com... 195.170.169.8 Connecting to test.sagepay.com|195.170.169.8|:443... connected. ERROR: cannot verify test.sagepay.com's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA': Unable to locally verify the issuer's authority. To connect to test.sagepay.com insecurely, use `--no-check-certificate'. I've tried installing ca-certificates and configuring the ca-certs and they appear to all be setup in /etc/ssl/certs. The same issue exists for cURL: curl https://test.sagepay.com curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Which leads me to believe it's something wrong with openssl server wide. wget and curl both work correctly locally on OSX and I have confirmed with a few people that it's working on their servers so I suspect it's nothing to do with the server I'm attempting to connect to. Any ideas or suggestions on things to try to narrow it down? Thank you Edit As requested verbose output from curl curl -Iv https://test.sagepay.com * About to connect() to test.sagepay.com port 443 (#0) * Trying 195.170.169.8... connected * Connected to test.sagepay.com (195.170.169.8) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html Edit 2 Using the hash from your comment I see this: ubuntu@srv-tf6sq:/etc/ssl/certs$ ls -al 7651b327.0 lrwxrwxrwx 1 root root 59 2012-03-27 12:48 7651b327.0 -> Verisign_Class_3_Public_Primary_Certification_Authority.pem ubuntu@srv-tf6sq:/etc/ssl/certs$ ls -al Verisign_Class_3_Public_Primary_Certification_Authority.pem lrwxrwxrwx 1 root root 94 2012-01-18 07:21 Verisign_Class_3_Public_Primary_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt ubuntu@srv-tf6sq:/etc/ssl/certs$ ls -al /usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt -rw-r--r-- 1 root root 834 2011-09-28 14:53 /usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt ubuntu@srv-tf6sq:/etc/ssl/certs$ more /usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt -----BEGIN CERTIFICATE----- MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i 2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ 2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ -----END CERTIFICATE----- But doing the steps myself I end up with a different hash: strace -o /tmp/foo.out curl -Iv https://test.sagepay.com and grep ssl /tmp/foo.out open("/lib/x86_64-linux-gnu/libssl.so.1.0.0", O_RDONLY) = 3 stat("/etc/ssl/certs/415660c1.0", {st_mode=S_IFREG|0644, st_size=834, ...}) = 0 open("/etc/ssl/certs/415660c1.0", O_RDONLY) = 4 stat("/etc/ssl/certs/415660c1.1", 0x7fff7dab07b0) = -1 ENOENT (No such file or directory) readlink -f /etc/ssl/certs/415660c1.0 /usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt more /usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt -----BEGIN CERTIFICATE----- MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i 2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ 2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ -----END CERTIFICATE----- Any other ideas? Thank you for the help so far :) Edit 3 So it turns out that installing the ca-certificates package didn't install the one that I needed. I found this post about certificates being presented out of order. This seems to be the case with my request to sagepay. The solution ended up being to install another CA certificate from Verisign. I'm not sure why this fixes the issue with it being out of order but it does, but I suspect the out of order issue really isn't a problem at all and it was infact because I was missing a certificate all along. The additional certificate is available in that post but I didn't want to blindly trust it. I've looked at the list of CA certificates from cURL's site and it is listed there so I do trust it. The certificate: Verisign Class 3 Public Primary Certification Authority ======================================================= -----BEGIN CERTIFICATE----- MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMx FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5 IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVow XzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAz IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94 f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Ol hec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBALtMEivPLCYA TxQT3ab7/AoRhIzzKBxnki98tsX63/Dolbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59Ah WM1pF+NEHJwZRDmJXNycAA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2Omuf Tqj/ZA1k -----END CERTIFICATE----- I put this in a file in: /usr/share/ca-certificates/curl/Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.crt I then modified the /etc/ca-certificates.conf and added the following line at the end: curl/Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.crt After that I ran the command: sudo update-ca-certificates Looking into the /etc/ssl/certs directory I see it correctly linked: ls -al | grep cURL lrwxrwxrwx 1 root root 69 2012-03-27 16:03 415660c1.0 -> Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.pem lrwxrwxrwx 1 root root 69 2012-03-27 16:03 7651b327.0 -> Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.pem lrwxrwxrwx 1 root root 101 2012-03-27 16:03 Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.pem -> /usr/share/ca-certificates/curl/Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.crt And everything works! curl -I https://test.sagepay.com HTTP/1.1 200 OK...

    Read the article

  • How to restrict user to a particular folder in CentOS 6?

    - by Chris Demetriad
    I will need to create users so developers can log in and clone/pull/push changes/repositories from a github like platform. I've managed to add a user (using the root) to this CentOS machine; I now have this line in /etc/passwd: chris:x:32008:32010::/home/chris/public_html:/bin/bash ..and this in /etc/shadow: chris:$1$ruUeLtTu$onAY2hdu1J.UmHajEIlmR.:15385:0:99999:7::: I am able to SSH the server, I have permission to create a folder and I guess that should be enough. But I am able to see other files and folders outside public_html. How can I actually restrict the user to a particular directory so he can't "cd out" of his folder? Update: root@echo [~]# ls -ld /home/moove drwx--x--x 21 moove moove 4096 Mar 22 16:16 /home/moove/ root@echo [~]# ls -ld /home/moove/public_html drwxr-x--- 11 moove nobody 4096 Mar 27 11:29 /home/moove/public_html/ root@echo [~]# ls -ld /home/moove/public_html/dev drwxr-x--- 12 moove nobody 4096 Mar 27 14:47 /home/moove/public_html/dev/ root@echo [~]# ls -ld /home/moove/public_html/dev/arsenal drwxr-xr-x 3 arsenal moove 4096 Mar 27 14:53 /home/moove/public_html/dev/arsenal/

    Read the article

  • squidGuard hangs during setup

    - by richard
    I have a squid proxy on my Debian-Gnu-Linux-laptop configured to block some web sites. I can set a browser to use this proxy, but I can also configure it to not use it. As I an using it to block some sites. I do not wish and application to be able to bypass the proxy. Is it possible to to configure a fire wall to black outgoing traffic except if sent by the proxy application or user? I would like a simple configurator if possible.

    Read the article

  • Regarding partitions for dual-booting Ubuntu with pre-existing Windows 7

    - by Shasteriskt
    I have zero actual experience with configuring disk partitions and the stuff I have read for the past few hours have been confusing me a bit, so please bear with me. First of all, I'd like to explain what I'm setting to achieve: Windows 7 with: C:\ Windows 7 (pre-existing installation) D:\ Data (Already exists and has files already) Ubuntu 11 - Does not exist yet, but I already have a LiveCD in hand. \root directory for Ubuntu \home on its own partition I plan \swap on its own partition with around 8GB Here is the current situation: I have a single 500 GB hard-disk with Windows 7 x64 installed, and the current partition schemes is as follows: System Reserved: 100 MB (Primary, Active) C: 100 GB - Where Windows 7 is installed (Primary) D: 365 GB - Where my files are located, LOTS of free space (Primary) Now, I would like to shrink my D: drive and create around 40 GB of unallocated disk space for the Ubuntu installation, but here what's confusing me a bit: I'm thinking I would create an extended partition and subdivide it into 3 logical partitions for the Ubuntu setup I had in mind. (If you think my setup is a bad idea, please let me know & why. I also hope you can suggest a better one...) I am aware that I can only have up to 4 primary partitions, or 3 primary partitions with 1 extended parition max. Now, does the System Recovery portion count as one primary partition? I'm really new to these things and it is totally unclear to me. In shrinking my D: drive using Windows 7's Disk Management tool, I would get an unallocated free space which I don't know how to make an extended partition from. It seems like I can only create a primary partition from it, not an extended one. How do I go about it? (I'd also like to note, if it is of any importance, that I am trying to avoid using the option to install Ubuntu alongside Windows, and much rather prefer using the custom install where I can specify which drives I wish to use and stuff. Somehow I feel its safer that way.)

    Read the article

  • How to set up a centralized backup server with lots of offsite workstations, intermittent internet connectivity, and stubborn users?

    - by Zac B
    This might be an impossible question. Context: We have a bunch of computers across around 1000 users. We have a centralized office where 900 of the users work, most of the time. Most of the computers are laptops. They are very frequently coming on and off the network for hours at a time. Users often take their computers home and do lots of work from home. In addition, there are a handful of users who work elsewhere in the country, who are offline (no internet connection whatsoever) for more than half of the time they use their machines. All of the machines are Windows 7/XP. Problem: People are always losing data. One day someone accidentally deletes a bunch of files. The next day someone else installs a bad driver or tries to mess with something in system32 and needs a personal data backup/reinstall of Windows. Because of how many of our business operations are done without an internet connection, and how frequently computers come on- and offline, it's unfeasible to make users use network storage for all of their data. We tried giving them Dropboxes, and they stored their files elsewhere. We bought and deployed Altiris, and they uninstalled it and blamed us when they couldn't get files back that they accidentally deleted while they were offline and hadn't taken a backup in months. We tried teaching them backup best-practices, and using scheduled sync tools to upload things to the network drives, and they turned them off because they "looked like viruses". It doesn't help that many of these users are pretty high up in the business and are not amicable to any sort of "you need to do something regularly because we say so" solution. Question: Other than finding another job where IT is treated differently and users are willing to follow best practices, how would people recommend I implement a file backup solution that supports the following: Backs up to a centralized server over LAN or WAN whenever a network link becomes available, or on a schedule. Supports interrupted/resumed backups (and hopefully file-delta only backups), since connections to the network (WAN or LAN) are often slow and only open for half an hour or so. Supports relatively rapid, "I accidentally deleted the TPS reports! Oh no!" single-file recovery, ideally administered from the central backup server rather than the client PC. Supports local-to-local file delta backup on a schedule, so that users without a network connection for a few days can still retrieve accidental deletions or whatnot. Ideally, the local stored backups would be pushed up to the server whenever network link is available. Isn't configurable on the clients without certain credentials. Because the CFOs (who won't give up their admin rights on the domain) will disable it if they can. Backs up the entire hard drive. There are people who are self-righteous about storing things in C:\, or in the recycle bin, or in the C:\Windows dir (yes, I know). I'm fine integrating multiple products/solutions, or scripting different programs together myself (I'm a somewhat competent programmer), but I've been drawing a blank on where to start. Dropbox is folder-specific, Altiris doesn't cope with LAN outages or interrupted/resumed backups, Volume Shadow Copy is awesome for a local-to-local solution, but I don't know how to push days of stored shadow copies up to a server in a 2 hour window of network access. The company is fine with spending decent money on this, thousands (USD) on a server, and hundreds on clients, if necessary. I want to emphasize that this isn't a shopping list request. While I wish there was a program out there that did what I want, I've looked pretty hard, and not found anything that fits the bill. Instead, I'm hoping for ideas on where to start hacking things together from scratch/from different technologies to make something stable that works. Cheers!

    Read the article

  • Photo organization software

    - by Aaron
    I am looking for photo organization software for family albums that meets the following requirements: Online Gallery Synchronized Searchable Access Controls Local Copies Synchronized Searchable Multiple individuals Multiple people have local copies All can contribute to tagging It syncs additions/changes/tags to the online gallery, which in turn syncs to other local copies Powerful Tagging Entity based (support multiple people with the same name) Multiple Types of Tags (People, Pets, Things) Coordinate or Full Image Tag can focus on certain area in picture, or reference the full picture Facial Recognition Does anyone know of a piece of software like this? I will pay!!!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >